Problems on Shutdown

Discussion in 'ProcessGuard' started by Rasheed187, Apr 30, 2006.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,010
    Location:
    The Netherlands
    I couldn't reply in an older thread about this subject (what's up with this?) so I started a new one.

    I've noticed that PG can cause problems when shutting the system down or putting it in Standby mode, and the only remedy is to put it in learning mode, so I wonder what exactly PG does in learning mode? And is this problem related only to PG or can there be other possible causes? :rolleyes:
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Learning mode, as mentioned here and in PG's help, adds permissions for any blocked actions (so they are not blocked in future). This, of course, includes malware, so having it enabled pretty much removes any security PG can provide (hence the advice about installing PG on a known clean system).

    To find out what your problem was, you need to review PG's logs (kept in the Logs subfolder) to see what was happening, then create appropriate permissions to cover future occurrences.

    The only issue I've encountered on shutdown is with Human Verification prompts (since I use SMH) and all this requires is clicking Cancel a couple of times to allow shutdown to proceed.
     
  3. Rasheed187

    Thanks for the feedback. The reason why I asked was because I've noticed that when in Learning mode (LM) I don't have any problems with shutdown (most of the time), but these problems can come back after a while when PG isn't in LM anymore. Btw, I did uninstall PG a while ago and I sometimes still had problems, but perhaps I didn't uninstall PG properly.

    But I assume these shutdown problems can arise because of the nature of this app. Can these problems be caused if you misconfigure this app? And PG fixes this while in LM I assume? I have also taken a look at the logs but it didn't help me much, I didn't see anything strange. The last few days I have put it in LM so I hope it will do the job now. :rolleyes:
     
  4. Paranoid2000

    Just to repeat the point: PG provides no security in Learning Mode - if you are using this all the time then you may as well just uninstall PG. As I mentioned above, you need to look at your PG logs to see what happened (and what, if any, permissions need changing).
     
  5. Rasheed187

    I do know that you shouldn't run it in LM too long, and of course I also monitor the protection list while in LM. But does PG still protect all processes even in LM? Or is it completely disabled? I've learned something new then. :rolleyes:
     
  6. Paranoid2000

    In Learning Mode, anything that would normally be blocked is blocked but a corresponding permission is created to allow it in future. So if malware tries to kill other PG-protected software while in Learning Mode, the first time it will be blocked but PG will then give it Termination privilege so it will be allowed thereafter.

    PG is not disabled in LM but it might as well be from a security perspective.
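
A small model of the learning-mode behaviour described in the post above, added here as an illustration; it is not ProcessGuard's code and not part of any post. The `Guard` class, the program names and the privilege string are hypothetical. It shows the first attempt blocked, the learned grant allowing the second, the grant surviving the switch back to enforcement, and a review step that revokes it.

```python
from dataclasses import dataclass, field

ENFORCE, LEARNING = "enforce", "learning"

@dataclass
class Guard:
    """Toy model of a process-protection policy (hypothetical, not PG's API)."""
    mode: str = ENFORCE
    protected: set = field(default_factory=set)   # programs on the protection list
    allowed: set = field(default_factory=set)     # (actor, privilege) grants in force
    learned: list = field(default_factory=list)   # grants created by learning mode

    def request(self, actor, privilege, target):
        """Return True if `actor` may use `privilege` against `target`."""
        if target not in self.protected or (actor, privilege) in self.allowed:
            return True
        # The action is blocked in both modes; learning mode additionally
        # records a permission so the same action is allowed next time.
        if self.mode == LEARNING:
            self.allowed.add((actor, privilege))
            self.learned.append((actor, privilege))
        return False

    def review(self, trusted):
        """Learned grants held by programs the admin does not recognise."""
        return [g for g in self.learned if g[0] not in trusted]

    def revoke(self, grant):
        self.allowed.discard(grant)
        self.learned.remove(grant)

def demo():
    kill = ("unknown.exe", "terminate", "firewall.exe")   # constructed names
    strict = Guard(protected={"firewall.exe"})
    enforced = [strict.request(*kill) for _ in range(2)]  # blocked every time

    pg = Guard(mode=LEARNING, protected={"firewall.exe"})
    pg.request("trusted_tool.exe", "terminate", "firewall.exe")  # wanted grant
    learning = [pg.request(*kill) for _ in range(2)]      # blocked, then allowed
    pg.mode = ENFORCE
    after_switch = pg.request(*kill)                      # grant outlives LM
    flagged = pg.review(trusted={"trusted_tool.exe"})
    for grant in flagged:
        pg.revoke(grant)
    return enforced, learning, after_switch, flagged, pg.request(*kill)

if __name__ == "__main__":
    print(demo())
```

The review step only helps while the guard itself is still running and intact, which is the caveat raised later in the thread.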
     
  7. Rasheed187

    But this is no big deal since you can remove processes from the protection list, and malware processes should show up in the list as well, am I correct? I mean I often see PG adding certain apps to the list (during LM), but I remove them right away if I feel they shouldn't be on the list.

    And btw, the last few days my machine seems to shut down correctly, but whenever I turn on "Clear pagefile on shutdown" it goes wrong again. So perhaps I should put PG in LM again, makes me kind of wonder what the hell it's doing in LM (yes I know what it's supposed to do) but how is it exactly related to my shutdown problems? :blink:
     
  8. Paranoid2000

    Yes, you can remove programs that shouldn't be there - assuming that they haven't killed off Process Guard itself (which malware given physical memory or driver access could do). Also any rootkits would have been able to install so removing their entry afterwards would likely have little effect.
    Perhaps you should keep the "Clear pagefile..." option disabled? It is of little significance if only you have access to your PC. If you wish to keep using this, then checking the PG logs to find out what the problem was would be the proper step to take, not disabling PG's protection (which Learning Mode effectively does).
     
  9. Rasheed187

    Just for the record, I'm of course not running any unknown apps when in LM, the only thing I do is run all (trusted) apps that are already in the list and I shut down my machine a couple of times since this seems to solve my problem. I still don't know why PG should cause any shutdown problems though.

    And yes I think it's best to leave the pagefile clearing option disabled (I'm still cleaning it once per month) because this has always caused problems (even without PG) since I bought this machine about 6 months ago. :cautious:
     
  10. some made up name

    some made up name Registered Member

    Joined:
    Jan 31, 2006
    Posts:
    60
    Let me get this straight ... by 'problems at shutdown' do you mean that it takes a long time or something else?
     
  11. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    What about WaitToKillServiceTimeout?

    See here: http://www.tweakxp.com/article37045.aspx

    If this improves your shutdown dramatically then it is a non-responsive service and the event log should indicate more useful information.
     
  12. Rasheed187

    @ some made up name

    It's not about "taking a long time to shut down" (I could live with that) but often my system would not shut down at all. However, like I said before it seems that PG is the one responsible for this because when I put it in LM a couple of times, the problems seem to disappear.

    @ Gavin

    I have enabled the "fast shutdown mode" (and disabled "Clear pagefile at shutdown"), since this is working best for me. I think "fast shutdown mode" is related to the setting you mentioned but these settings are most likely not the cause. And if I'm correct this mode should kill hanging services and processes automatically.

    But for the last few days I don't seem to have any problems at all, so whatever I did I fixed it, at least for now. But I guess you're saying that PG should not cause these problems? Then it is indeed strange. Other than some DCOM errors I don't see anything strange in the event log.
     
  13. some made up name

    OK ... I just want to add that I have PeerGuardian2 installed as well, and whenever I leave that running while shutting down, the shutdown takes a very long time. I've learned to shut it down before the rest of the system now, so I can't quite remember if putting ProcessGuard into LM / disabled also 'fixed' the problem.

    Point being, although ProcessGuard may be a reason for the problem, it may be another program triggering the problem.

    And so this doesn't sound too off-topic, the slow shutdown and stalled shutdown could be linked, i.e. could be the 'same' problem, both are likely to be an 'infinite loop' of some kind, but with one not finding a condition to exit.
     
  14. strangequark

    strangequark Registered Member

    Joined:
    Jun 22, 2005
    Posts:
    296
    Location:
    OZ
    Yep, I also have PeerGuardian2 installed and it can really put the brakes on shutdown.
     
  15. Rasheed187

    Well, I'm now almost 100% sure it's PG that is causing my shutdown problems, the only way I can be certain that my machine will shut down is if PG is in "learning mode", so I'm afraid I will have to uninstall PG (free edition btw).

    But since I will now no longer have the protection of PG, I wonder if my system is now more open to attack, currently I'm using ZA Pro and Neoava Guard as my realtime protection tools. I know NG can also protect processes from modification, but I'm not sure if PG's protection is more comprehensive, any comments about this? And what about "read protection", is this important too?
     
  16. Paranoid2000

    Well you could try checking out System Safety Monitor which has recently released a free version (see the System Safety Monitor (Free Edition) thread). Further discussions/queries about SSM should be made there rather than here though.
     
  17. Rasheed187

    Yes I will probably install SSM, it covers just about everything PG is covering right? And I still wonder if it makes any sense to protect certain processes from "reading". I think only PG and ProSecurity are offering this at the moment. And I also still wonder if PG's modification protection is more advanced than in other tools.
     