PG Hanging at Shutdown - Items Missing in Logs

Discussion in 'ProcessGuard' started by passing thru, Aug 4, 2005.

Thread Status:
Not open for further replies.
  1. passing thru

    passing thru Guest

    "Attack" details are archived in log files stored in *:\Program Files\ProcessGuard\logs. The logs are worth reviewing occasionally. I have found "attacks" (meaning blocked activity) in the logs that the GUI misses.
     
  2. gottadoit

    gottadoit Security Expert

    Joined: Jul 12, 2004
    Posts: 601
    Location: Australia

    Re: PG Question

    passing_thru,
    Have you reported this to DCS as a bug to be fixed?

    If not, would you consider starting a thread for it and pasting an excerpt from one of your logfiles and highlighting what was missed from the GUI side of things?

    I am sure that would get some interest from the user base as well as DCS.
    It is always better to know about these things...

    Thanks
     
  3. passing thru

    passing thru Guest

    Re: PG Question

    While troubleshooting a slower than normal shutdown on one of my XP systems, I found the following recurring sequence in PG's logs:

    Mon 01 - 00:55:28 [EXECUTION] "g:\windows\system32\logonui.exe" was allowed to run
    [EXECUTION] Started by "g:\windows\system32\winlogon.exe" [752]
    [EXECUTION] Commandline - [ logonui.exe /status /shutdown ]

    Mon 01 - 00:55:42 [TERMINATE] g:\program files\nncron\nncron.exe [1404] was blocked from terminating g:\program files\nncron\nnguard.exe [1580]


    nnCron (http://www.nncron.ru/index.shtml) is a scheduler that runs as a service. The nnguard executable normally protects the nncron executable from termination. nncron.exe starts nnguard.exe at system startup and terminates it at shutdown. PG's driver, as it should, is blocking that termination. Since PG's GUI had already shut down (even though the icon is still visible in the tray), no alerts are generated. Once I gave nncron.exe permission to terminate other protected processes, the system shut down without hanging.
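
Added example, not part of the thread and not DCS code: a Python script that scans a ProcessGuard log for TERMINATE blocks recorded after a `logonui.exe /shutdown` launch, the pattern described in the post above. The line format is assumed from the two entries quoted in that post, and the function names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: the two entries quoted in the post (format inferred from them).
SAMPLE_LOG = r'''Mon 01 - 00:55:28 [EXECUTION] "g:\windows\system32\logonui.exe" was allowed to run
[EXECUTION] Started by "g:\windows\system32\winlogon.exe" [752]
[EXECUTION] Commandline - [ logonui.exe /status /shutdown ]

Mon 01 - 00:55:42 [TERMINATE] g:\program files\nncron\nncron.exe [1404] was blocked from terminating g:\program files\nncron\nnguard.exe [1580]
'''

STAMP = re.compile(r'^(\w{3} \d{2}) - (\d{2}:\d{2}:\d{2}) \[(\w+)\] (.*)$')
CONT = re.compile(r'^\[(\w+)\] (.*)$')
BLOCKED = re.compile(r'^(.+?) \[(\d+)\] was blocked from terminating (.+?) \[(\d+)\]$')

def parse_entries(text):
    """Group each timestamped line with its untimestamped continuation lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = STAMP.match(line)
        if m:
            day, clock, kind, msg = m.groups()
            entries.append({"day": day, "time": clock, "kind": kind, "lines": [msg]})
        elif entries and (c := CONT.match(line)) and c.group(1) == entries[-1]["kind"]:
            entries[-1]["lines"].append(c.group(2))
    return entries

def shutdown_blocks(entries):
    """Return blocked TERMINATE events logged after a logonui.exe /shutdown launch."""
    hits, shutdown_at = [], None
    for e in entries:
        if e["kind"] == "EXECUTION" and any(
                "Commandline" in l and "/shutdown" in l.lower() for l in e["lines"]):
            shutdown_at = e  # shutdown sequence has started
        elif e["kind"] == "TERMINATE" and shutdown_at and e["day"] == shutdown_at["day"]:
            b = BLOCKED.match(e["lines"][0])
            if b:
                fmt = "%H:%M:%S"
                delay = (datetime.strptime(e["time"], fmt)
                         - datetime.strptime(shutdown_at["time"], fmt)).total_seconds()
                hits.append({"source": b.group(1), "source_pid": int(b.group(2)),
                             "target": b.group(3), "target_pid": int(b.group(4)),
                             "seconds_after_shutdown": int(delay)})
    return hits

if __name__ == "__main__":
    for hit in shutdown_blocks(parse_entries(SAMPLE_LOG)):
        print(hit)
```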
     