PG V3.150 and last weeks MS updates

Discussion in 'ProcessGuard' started by Jan J, Jun 22, 2006.

Thread Status:
Not open for further replies.
  1. Jan J

    Jan J Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    22
    Location:
    Skokie, Illinois
    Want to pass along something that occurred last week after the MS updates...
    Two fairly simelar computers... Gateway 2.2 and Dell 2.8, both XP home.
    Both running BID and PG V3.150, AVG PRO.. Prior to updates both PG programs put in "LEARN" mode.

    After updates, Gateway rebooted fine. Dell locked up with no start, no systray. Since no start, no access to other things, and power cycle only recourse. From safe mode, I did a restore to a week prior, and all was fine.
    I removed Black Ice, did the MS updates and on restart, found that BID was not the cause.
    Another Restore, removed BID and PG, then did MS updates. Reboot fine.
    Then re-installed BID, and PG, and left PG in learing mode.
    Next day all is fine, but following day, system locked up with no Start and Systray again. Processguard was removed in safe mode.

    All this was a week ago... No problems since... With PG removed from Dell.

    However, tonight, out of the blue, the Gateway started acting up... I was able to determine that the file that PG was blocking was wgatray.exe.
    Got into PG enough to tell it to allow memory execution.... Reboot. fine!!!
    PG is now allowing wgatray.exe to run now....

    As a follow up to all this.... I have a hunch that BID also 'missed' something in the MS updates from last week as well, as I kept getting application protection prompts, even after the MS Updates (which were installed in the BID "Install" mode) and scanned afterward...
    What I did to get around that was Halt BID Application Protection, toss the BID checksum file, restart the application, and do another Basefile for Application Protection.... THEN BID was fine!

    My relatively un-professional guess is that something in the MS updates is getting past the Applications Protection portion of Processguard AND BID.

    Jan
     
  2. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    i have not experienced any problems relating to PG and "windows updates"..

    i did have to add wgatray.exe to PG's protection so that wgatray.exe could "read" winlogon.exe (i have winlogon.exe protected from "read")..

    p.s. i don't know what "BID" is..
     
    Last edited: Jun 23, 2006
  3. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    BID is BlackICE Defender, which I believe the post mentions. The issue may be related to Windows Genuine Advantage Notifications, which is technically a beta but is pushed out as a critical update. Unless you didn't install it, that is. Either way WGA is apparently fussing over your current setup. I haven't had any problems myself with no wgatray.exe in my list and with winlogon.exe protected from reading. I can't say for sure, but maybe WGA is flagging your systems' OS as pirated? This might explain why XP is having a fit in regards to normal boot, but this is just a shot in the dark. :doubt:
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    I highly recommend you disable PG instead of Learning Mode. No chance of problems, Learning Mode on for 1 reboot instead if a reboot is required.
     
  5. Jan J

    Jan J Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    22
    Location:
    Skokie, Illinois
    I've been watching the bootup on the computer that still uses PG, and I find that with EVERY Bootup, wgatray.exe is being blocked 105 times from accessing physical memory, then it stops...

    The number 105 is seen each day....

    On same alerts screen there is a "allow Phys. Memory" button.....

    Should I let things continue as it is, or click on Allow Phys. Memory, or o_O?

    Thanks.
     
  6. some made up name

    some made up name Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    60
    seeing it is an official windows exe ... i would say allow it to access Phys Mem

    if however you do want to block it and reduce the number of alert messages, try blocking it from execution (although with this particular exe it may have negative effects on windows update)
     
  7. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Well, given the numerous complaints about Windows Genuine Advantage, this is one time when people may feel justified in blocking an "official" Windows file.

    Jan J, you may wish to check out GKWeb's RemoveWGA as another option to deal with this unnecessary item.
     
  8. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    imo, yes, jan, you should allow "wgatray.exe" to access memory since it apparently needs to access memory.. i would allow any legitimate programs to have whatever priviledges they need except that i have some of them set for "allow once"..
     
  9. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    Microsoft was hit with second lawsuit over WGA http://news.zdnet.com/2100-3513_22-6090651.html
    @redwolfe I got the same thing.
    [edit]PG just asked me if I want iexplore.exe to access access memory
     
    Last edited: Jul 6, 2006
  10. Pigitus

    Pigitus Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    97
    Location:
    USA
    Thanks, Carver and Paranoid2000, for your links.
     
Thread Status:
Not open for further replies.