PG prevents 'Giant' termination

Currently I am trialing Giant AS and for the last two days I have received alerts from PG that svchost.exe, which supports the RpcSs (Remote Procedure Call) service, has attempted to terminate gcasdtserv.exe (the Giant AntiSpyware Data Service) whose 'parent' is also svhost.exe (though with a different PID and supporting different services).

PG has prevented these terminations, but why would svchost.exe be wanting to to terminate Giant in this way? I have found Giant to be mighty 'buggy' but has anyone else experienced this, or have any ideas about it?

 

Hi Topper, svchosts is a special case within ProcessGuard, you should allow svchosts "Access to Physical memory" plus the default settings.
Both Giant gcasdtserv.exe & gcasserv.exe need to be on the Protection list with the default allows.

EDIT: I have just been updating the latest Giant definitions and found that Giant got stuck on services (part of the Quick scan test) I had an alert from PG stating that gcasdtserv.exe needed to terminate gcasserv.exe so I shutdown Giant and gave gcasdtserv.exe the Terminate allow and now the scan is running correctly.
So I am now not sure what is going on as it may be to do with the latest Defs

HTH Pilli

 

Thanks Pilli, in fact I have these settings. Clearly something is wrong with Giant (and not for the first time!). It's just a little odd that RPC should want to do the terminating - unless it is being used by a Giant module??

This has now turned into a Spyware thread rather than PG. Other than to say that without PG I would not have been aware of what was happening on my system!

 

Thanks Peter, Can you please state your settings for giant?

Pilli