PG user would like some help?

Discussion in 'ProcessGuard' started by ohn, uk, May 27, 2005.

Thread Status:
Not open for further replies.
  1. ohn, uk

    ohn, uk Guest

    hello,

    i've recently installed PG as recomended by some of the user of this very good forum. It seem to work fine and i've taken it off learning mode - but every time i rebot my computer i get a message saying 'C:\program files\microsoft antispyware\gcasdtserv.exe was blocked from terminating' - Also above this it says allow or terminate the 'ZwTerminateProcess'.

    I would really be clad if anyone could help me with this. Is this anything i should worry about.

    Thank for all your help.

    John
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Microsoft Antispyware is trying to terminate what it believes to be a malicious process. This is a common occurrence with anti-virus/trojan/spyware scanners, they will try to terminate processes they belive to be malign. As a general rule they should therefore be allowed to terminate other programs in your PG Protection settings.

    The only valid reason for not allowing this is if MS-AntiSpyware was terminating a program you deem important and don't wish to be closed. This also suggests that you have every program listed on your PG protection list, including possibly malign ones if MS-AntiSpyware is not throwing a false positive. Going through that list and removing programs not needing protection would be a good idea in my view (as a guide, any security software and anything with Internet access should be listed).
     
  3. john, uk

    john, uk Guest

    Hi,

    Thanks for the advice Paranoid, but since putting Process Guard back on learning mode i dont seem to get the alert message. So hopefully i wont see this warning again. If i do i will follow your advice.

    Thanks for your reply, really helpful.

    John, UK
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Don't run Process Guard in learning mode - it will offer no protection!! Learning mode is only to help create a suitable starting configuration on a clean system since it automatically allows everything and creates appropriate permissions. If you pick up any malware, it would be allowed to do anything with PG in Learning Mode.
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Just an extra note - since you may have picked up malware (did MS-AntiSpyware give an alert?) I'd suggest giving your system a complete scan with an updated anti-virus/anti-trojan scanner.
     
  6. John, uk

    John, uk Guest

    Completey scanned my system with Mcafee, Ad-aware, spybot, and anti-spyware and Trojan hunter, but found nothing. only put PG in leasrning mode for a few start ups and it now gives no alert.

    Only thing that did worry me was that i cant find any info on what the ZwTerminateProcess is any ideas.

    Thanks for you help Paranoid

    J
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    ZwTerminateProcess is just the name of the Windows function used.
     
Thread Status:
Not open for further replies.