Possible Bug in PG V3.05

Discussion in 'ProcessGuard' started by siliconman01, Dec 6, 2004.

Thread Status:
Not open for further replies.
  1. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    On 4-December-04, I replaced Norton's LiveUpdater with the latest version 2.6.13. As part of this update, Norton changed the name of one of its modules from Lucomserver_2_5.exe to Lucomserver_2_6.exe. Lucomserver_2_5.exe was completely removed from the system.

    The first time Lucomserver_2_6.exe ran, PG properly barked requiring confirmation of the new module to be allowed to run...which I accepted and checked Permit Always.

    In looking in the Security section of PG this AM, I found that PG was showing Lucomserver_2_5.exe was present and had just recently run (about an hour ago). There was no Lucomserver_2_6.exe in the list. It appears the PG thinks Lucomserver_2_5.exe is the running module, not Lucomserver_2_6.exe. Is this a bug being caused by, perhaps the _ in the name of this module? Something certainly is not working right here. o_O

    Here is the log printout. The second entry is after I deleted Lucomserver_2_5.exe from the Security permits. Now it shows up as Lucomserver_2_6.exe.

    Sun 05 - 22:51:13 [EXECUTION] "c:\program files\symantec\liveupdate\lucomserver_2_5.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\svchost.exe" [732]
    [EXECUTION] Commandline - [ "c:\progra~1\symantec\liveup~1\lucoms~1.exe" -embedding ]

    Mon 06 - 01:45:30 [EXECUTION] "c:\program files\symantec\liveupdate\lucomserver_2_6.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\svchost.exe" [732]
    [EXECUTION] Commandline - [ "c:\progra~1\symantec\liveup~1\lucoms~1.exe" -embedding ]
     
    Last edited: Dec 6, 2004
  2. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    If you remove the PROTECTION you have given the _2_5.exe the problem should be fixed. ProcessGuard has to map 8.1 DOS directory names itself (can't rely on Microsoft) and since the filename is exactly the same ProcessGuard remembers that it used to be _2_5.exe because that is still in your protection list, before your _2_6.exe entry if you have one.
     
Thread Status:
Not open for further replies.