PG settings / problems

Discussion in 'ProcessGuard' started by tech-addict, Dec 21, 2003.

Thread Status:
Not open for further replies.
  1. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    New registered user of PG :) never tested free version, since it was highly recommended by someone I know.
    System: Compaq laptop P3m 1.2Ghz XP SP1 Home "too many tweaks to list"

    On first install I chose to add the default protections and was getting "could not attach errors" so I read through this forum and decided to uninstall in safemode, which went ok but on re-install it still did it again, so I tried the bootvis suggestion, which I found bootvis times out on this laptop (ZA Pro and NSW loads too slow for bootvis) :oops: so then I cancelled bootvis, rebooted and started getting BSOD's :mad: So I uninstalled again and also uninstalled norton systemworks pro (loads too slow anyway) Went back to running SAV for now.

    Ok so I defragged, reboot and re-installed PG and all is good now :p
    But on install this time I didn't choose to enable default protections and now I don't see the option after reboot.

    I would like to enable them without going through another uninstall ;)
    Also I would like to know: How to protect SAV 8.1, BOClean 4.11 and ZA Pro 4.5.538 ?
    Just choose the .exe's in the program folders ?
    And I would like to know what MS processes should I protect and how ?

    Maybe a sticky thread or a general list of how to protect common firewalls, antivirus programs, MS processes, etc... would be a good addition to this forum.

    Thanks in advance for any info you can provide.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: PG settings

    Hello Protek & welcome :) Glad you got there in the end!
    Here is a screenie showing the basic list
     


  3. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    Re: PG settings

    Thanks for the welcome and reply :)
    So should I assume that there is no way to enable the protections offered at install without doing them manually now ?

    Is that screenshot showing me all the protections that would have been enabled if I chose yes on install ? (looks like more were below on your scroll bar)

    Still would like to find out if I just choose the .exe's in the program folders of my firewall = ZA Pro 4.5.538 , anti trojan = BOClean 4.11, anti virus = Symantec Anti Virus CE 8.1 will that be enough to properly protect those processes. (thinking there's more to it than that)
    Thanks
     
  4. WilliamP

    WilliamP Registered Member

    Joined:
    Jun 1, 2003
    Posts:
    2,201
    Location:
    Fayetteville, Ga
    Re: PG settings

    Click on add file to protect. Then search your C drive program files for the .exe's that you want protected. Then right click on each one. A box will pop up and at the top it will have [Select]. Click on Select and it is done. Then just go to the next.
     
  5. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    Re: PG settings

    When you protect the exe's you are protecting associated processes as well.
    Protecting every application capable of connecting to the Internet is important, so are your system files.
    Dolf
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: PG settings

    Protek, I just showed the default ones that PG sets up on first install.
    There may be a registry way of making PG re ask but Jason will have to answer that.

    ZA already has shutdown protection I believe though I am not sure about Close Message Handling.
    Download APT from DCS and try it against the programmes you want to protect. http://www.diamondcs.com.au/index.php?page=apt

    You may find as you add to the list that logging occurs a lot with certain apps, so then you can enable the Allow buttons for that process. This will stop a lot of logging. The allow functions are only applicable within the PG list so it will not compromise your security.

    HTH Pilli
     
  7. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    Re: PG settings

    Thanks for the quick answers :)
    Now that I have my system back running stable I was wanting to enable all the protections that were offered on install to find out for sure what exactly caused the BSOD's
    I think it was NSW loading so slow which caused bootvis to time out and mess up boot defrag. But the funny thing is that bootvis used to run on this system before I installed PG and now it always times out even after uninstalled PG and big ole NSW.
    Maybe there is another boot defrag tool besides bootvis? o_O

    I know windows "tries" to boot defrag itself (it is enabled), but it doesn't seem to do a good job of it and since bootvis screwed up that time, my system seems to boot slower. :doubt:
    I could run Drive Image and restore my disk back to a couple months ago but I would rather not lose all I've done since then... Might as well do a fresh install if it comes to that point.
    :eek: An MS OS that has lasted 2 years without any BSOD's :eek:
    I never would have believed it :D
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: PG settings

    If you can find one, use a registry cleaner & defragger before using BootViz as after time the registry does get itself into a real mess and normal defrag does not do the job.
    I use the one in System Suite from www.vcom.com which requires a reboot to defrag the registry properly
     
  9. Shelb

    Shelb Registered Member

    Joined:
    Dec 3, 2003
    Posts:
    76
    Re: PG settings

    I had a problem a while back where I had to reinstall PG.
    To get the default list readded, I found this registry entry.

    HKLM\Software\Diamond Computer Systems\Process Guard\BeenRun

    Change this from 1 to 0 and PG will ask you to add the default processes next time you start it. :D

    The screenshot also omitted iexplore.exe which PG also adds by default.
     
  10. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    Re: PG settings

    Yes I do that regularly (probably why XP been running 2 years) and have done so several times since the problem.
    But I use jv16 Power Tools to clean the reg and then Registry Tool Kit which defrags the registry and then reboots system.
    I have found nothing that reorganizes boot files besides bootvis.
    I used NSW for system defrag before trouble. And have went back to Disk Keeper for system defrag since uninstalled NSW. But still bootvis times out and system boots slower than before.

    Maybe the one you mentioned is better, but I can't afford to buy another prog right now, Xmas got all my money now :D
     
  11. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    Re: PG settings

    @Shelb wow we posted at exactly the same second :D
    Thanks for that reg key I will try that. ;)

    EDIT: Yes that value change worked THANKS :D
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: PG settings

    Yes thanks for that Shelb,:)

    And you are correct I do not use IE so I removed it from the list :(

    Have a Karma cookie!
     
  13. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Re: PG settings

    I'd leave IE in the list, simply because it is integrated into the OS and I doubt you have removed it (unless you use XPLite :))

    A trojan could shell iexplore.exe instead of the default browser and inject into it, which some do. Although it isn't in your firewall ruleset is it ? ;) But I'd prefer to prevent the injection in the first place :)
     
  14. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: PG settings

    Thanks Gavin, Will do, a very useful tip for most users :)
     
  15. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    Re: PG settings

    i think you should try uninstalling PG, and then reinstall it. it might even help to straighten out your slow-boot problem.. it is not that much trouble to do. just make sure PG is not running when you uninstall it (if you uninstall it). try it. :)
     
  16. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    Re: PG settings

    Yeah no help on the slow boot after re-install again... :(
    Well guess I'll just do a restore of backup image, or maybe a fresh install of the OS ;) I haven't decided how much time I want to spend on this yet.

    But I have noticed a ton of logging in PG from my anti-trojan "BOClean"
    it's trying to gain access to all the programs that are protected, so I allowed BOC all privileges and still it is logging a ton of access attempts in PG.

    How do I avoid all that logging ? o_O
     
  17. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    If BoClean is on your list try ticking all the Allowed boxes, I assume this is what you did, this will allow BC to access listed programmes and perhaps prevent so much logging. You may have to close procguard.exe and re-open for the effect to take place

    HTH Pilli
     
  18. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    Yes that's what I was saying, I did allow BOC all privileges (ticked all boxes)
    Still it seems that PG and BOC don't play well together :doubt: the same amount of logging is still going on. Seems like I've had a few things lock up due to them fighting over control here.

    Don't know what else I could do... well it doesn't seem like I have anything else I can try besides uninstalling one of them o_O
     
  19. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hmm Sorry to hear that, Does BC run OK without causing logging when not listed in PG?
    Hopefully Jason or Wayne may be able to offer a solution, they will be dropping in here over the holiday period or possibly another BC user may respond.

    Pilli
     
  20. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    Ok, well thanks for your help. :)
    I tried taking BOC out of the list and rebooting but it's still trying to gain access to all protected processes.
    I will wait and see if a solution can be found.

    [move]Happy Holidays[/move]
    ;)
     
  21. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    ProteK, Thanks for your patience. :)

    The seasons greetings to you
     
  22. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    Strange new developments o_O

    IE has been shut down twice now by: DRWTSN32.EXE ( DrWatson Postmortem Debugger )
    Ok I've never had IE just shut down and disappear from my screen before o_O
    It's clearly logged in PG as access was denied but yet it still kills it.
    I have no idea why this drwatson is doing this now... it never happened before :(

    Code:
    Welcome to DiamondCS Process Guard.
    This program does not need to be running for your system to be protected.
    
    [17:01:12] - Window Log Started
    [17:01:20] - Process Guard Protection is ACTIVE
    [17:01:35] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\smss.exe [796]
    [17:01:36] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\winlogon.exe [880]
    [17:01:37] - [P] - c:\progra~1\symant~1\symant~1\rtvscan.exe [732] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\explorer.exe [1976]
    [17:02:16] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\services.exe [928]
    [17:02:20] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\lsass.exe [940]
    [17:02:30] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\svchost.exe [1124]
    [17:02:30] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\svchost.exe [1432]
    [17:02:39] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\explorer.exe [1976]
    [17:02:54] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\processguard\pg_msgprot.exe [1228]
    [17:02:55] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\processguard\procguard.exe [1256]
    [17:02:57] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\svchost.exe [1408]
    [17:03:32] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [2392]
    [17:20:23] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [3744]
    [17:22:53] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [3944]
    [17:35:07] - [P] - c:\windows\system32\drwtsn32.exe [2636] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [3944]
    [17:35:54] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [2700]
    [17:50:13] - [P] - c:\windows\system32\drwtsn32.exe [3704] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [2700]
    [17:55:41] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [1920]
    [17:58:00] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [2128]
    Well there's a new thing for you guys to look at ;)
     
  23. donsan709

    donsan709 Registered Member

    Joined:
    Jun 18, 2003
    Posts:
    54
    Location:
    dallas tx
    Hey protek seems we both have the same problem on the bo clean logs, hopefully these kind folks will get it figured out for you and I. I have also ticked all the allowed flags and still keep getting all these logs about bo clean trying to gain access.
     
  24. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    I don't know what caused IE to crash but it's NOT drwatsn32.exe
    For all that logging I suggest to give boclean.exe and rtvscan.exe full allow privileges.
    Dolf
     
  25. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Please view this thread in regards to DOS based pathnames , ie c:\progra~1 in your listing, and how PG currently has an issue with these.

    http://www.wilderssecurity.com/showthread.php?t=17451


    -Jason-
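
An added example, not part of the original thread and not DiamondCS code: a Python sketch that parses log lines in the format tech-addict posted above, counts blocked access attempts per source process, and flags sources that were logged under DOS 8.3 short paths such as c:\progra~1, the pathname form Jason's post says PG currently has an issue with. The function names are hypothetical and the embedded sample lines follow the posted log's format.

```python
import re
from collections import defaultdict

# Sample input embedded for this example, in the format of the log posted above.
SAMPLE_LOG = r"""
[17:01:20] - Process Guard Protection is ACTIVE
[17:01:35] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\smss.exe [796]
[17:01:37] - [P] - c:\progra~1\symant~1\symant~1\rtvscan.exe [732] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\explorer.exe [1976]
[17:02:39] - [P] - c:\progra~1\nsclean\boclean\boclean.exe [1192] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\explorer.exe [1976]
[17:35:07] - [P] - c:\windows\system32\drwtsn32.exe [2636] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\program files\internet explorer\iexplore.exe [3944]
"""

# One "[P]" (blocked process access) entry: source, PID, rights, target, PID.
LINE_RE = re.compile(
    r"^\[(?P<time>\d{2}:\d{2}:\d{2})\] - \[P\] - (?P<src>.+?) \[(?P<src_pid>\d+)\] "
    r"tried to gain (?P<rights>.+?) access on (?P<dst>.+?) \[(?P<dst_pid>\d+)\]$"
)
# A DOS 8.3 short-name path component such as "progra~1" or "symant~1".
SHORT_RE = re.compile(r"\\[^\\~]{1,6}~\d+(?:\.[^\\]{0,3})?(?=\\|$)")


def parse_line(line):
    """Return a dict for a blocked-access entry, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    event = m.groupdict()
    event["rights"] = [r.strip() for r in event["rights"].split(",")]
    return event


def summarize(log_text):
    """Group blocked attempts by source path; flag sources logged as 8.3 paths."""
    summary = defaultdict(lambda: {"count": 0, "targets": set(), "short_path": False})
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        entry = summary[event["src"]]
        entry["count"] += 1
        entry["targets"].add(event["dst"])
        entry["short_path"] = bool(SHORT_RE.search(event["src"]))
    return dict(summary)


if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE_LOG).items()):
        note = "  <-- 8.3 short path" if info["short_path"] else ""
        print(f"{info['count']:3d} attempts on {len(info['targets'])} targets: {src}{note}")
```

Run against a full exported log, the flagged sources are the ones to compare with the paths entered in the PG protection list.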
     