Problems with Unknown program

Discussion in 'other software & services' started by Carey934, Dec 18, 2005.

Thread Status:
Not open for further replies.
  1. Carey934

    Carey934 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    12
    A customer recently called me who could no longer obtain a TCP/IP address from his router on his Windows XP system. We uninstalled Norton and Zone Alarm, rebuilt the Winsock and still only recieved a 169.254.x.x APIPA address from Windows.

    We placed a static address in the TCP/IP settings, that also did not permit access to his LAN or Internet.

    We uninstalled and reinstalled the NIC, as well as replaced the drivers, and the network cable running from the PC to the router and none of it made any difference.

    We tried recreating the WinSock and WinSock2 registry keys and Windows would not allow it.

    We also tried re-registering many of the component files required for networking, which also made no difference.

    When I had the customer look through Services of MSCONFIG, after checking HIDE ALL MS SERVICES, he read to me (phone support) something called DIAMOND CS GUARD in his services section. Neither he nor I recognized it. I asked him to check his Control Panel and to remove the items, if they were offered, in Add/Remove Programs. They were, and he did uninstall them and reboot.

    After more than two hours on the phone and several reboots, this problem was finally resolved by removing this software. I have no idea what this software is. I am a radio personality for the Computer America show, a computer book author and a PC technician with more than 15 years of professional PC repair experience and this problem really had me stumped, as did the solution.

    The customer has no recollection of installing this software and has no idea how it got on his system.

    My question is this: Is this a common problem and why would I recommend this software to my customers?

    Thank you,
    Carey Holzman
    co-host: Computer America
    ~removed e-mail addy~
    Author: The Healthy PC
    Author: Tom's Hardware Guide
    Author: CMP Media's ~removed e-mail addy~
    ~removed e-mail addy~
     
    Last edited by a moderator: Dec 21, 2005
  2. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Re: Problems with ProcessGuard

    Hi,

    Hardly a common problem, nor is it something caused by PG. Why ? because PG doesn't touch registry entries concerning adapters, and would not block a change to them. Only registry blocking software is likely to do this, which could however be conflicting with PG if either was installed incorrectly.. this seems a possibility from the info given.

    ProcessGuard when installed MAY however have been incorrectly configured, I guess if "block new and changed" was turned on and the user ignored the huge warning, and then some router configuration program tried to run and was blocked, then YES PG could cause this. But outright no, not the program :) This seems by far the most likely situation.

    If you are using this software you should read the help file, it took a lot of time and is loaded with information.
     
  3. Carey934

    Carey934 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    12
    Re: Problems with ProcessGuard

    The service I shut down was called Diamond CS Guard. I have no idea if that is Process Guard or which product it was specifically, except to say removing this service resolved all of the problems with the PC being able to recieve an IP address from the router.

    With this service running, APIPA kicked in giving the PC a 169.254.x.x IP address. You can hardly imagine my frustration of finding the source of this problem. It's fair to say I am not impressed. Whatever Diamond CS Guard is, clearly it locked this customer out of his own system which required a technician to fix. Perhaps a disclaimer should accompany this product that it is intended for advanced users only?

    What is Diamond CS Guard and what was it doing on this customers system? He claims he did not knowingly install it. Perhaps you have affiliates up to sneaky business?
     
  4. pasito

    pasito Registered Member

    Joined:
    Dec 8, 2005
    Posts:
    22
    Re: Problems with ProcessGuard

    His dog, neighbour or wife installed it? Or someone hacked your clients PC and decided to install it for him? who knows. :rolleyes:

    Does his computer have a special login program to log him into the Internet that installs a rootkit driver each time? ProcessGuard could of been set to block it.

    In a nutshell, ProcessGuard can block applications from unwanted termination, rootkit/driver/service/global hooks and code injection attacks. And also has other misc things such as stops applications that have been modified from running. So you see, ProcessGuard obviously would take some configuaration fine tuning.

    ProcessGuard does alot more than I have listed, as i'm still new to it and i'm waiting to get my new job so I can buy my new computer and register ProcessGuard.


    I am not supported nor affilated with ProcessGuard in any way.
     
  5. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    Re: Problems with ProcessGuard

    Hi Carey934,

    You would do well to educate yourself about Process Guard before making allegations that have no foundation.

    Nick
     
  6. Carey934

    Carey934 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    12
    Re: Problems with ProcessGuard

    I can only speak of my recent experience concerning it. I have come here looking for answers to educate myself. Hence my post and this conversation.

    Can someone please tell what Diamond CS Guard is? Is it the process guard we are talking about that I am assuming it is, or does it perform some other function?

    Clearly blocking the PC from obtaining an IP address is something I do not consider to be a feature...
     
  7. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Re: Problems with ProcessGuard

    The services I see associated with ProcessGuard is pgaccount.exe, procguard.exe and dcsuserprot.exe. I don't see a Diamond CS Guard or any variation of that running.
     
  8. Carey934

    Carey934 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    12
    Re: Problems with ProcessGuard

    Thank you. Part of my dilemma is trying to figure out what Diamond CS Guard is doing in MSCONFIG and what product family it belongs to...

    Anyone?
     
  9. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Re: Problems with ProcessGuard

    Okay, dcsuserprot.exe is listed as DiamondCS Process Guard Service v3.000 when I open up msconfig. I was just looking at my Task Manager. Could that be what your customer saw? Sorry for the confusion.
     
  10. cosmicvoid

    cosmicvoid Registered Member

    Joined:
    May 19, 2005
    Posts:
    7
    Location:
    Left coast, USA
    Re: Problems with ProcessGuard

    Seems like your customer might have read the name wrong, or else it is something masquerading as a Diamond CS product.
     
  11. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Re: Problems with ProcessGuard

    In XP Pro in Services (local) it says Diamond CS Process Guard Service v 3.000 is "used in Diamond CS products for various security purposes".

    Note the word "Process" is there. You are saying your customer had "Diamond CS Guard" in MSCONFIG services. That could be something masquerading as Process Guard.
     
  12. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Re: Problems with ProcessGuard

    It wouldn't have been CS Guard as in....

    http://www.halflife.pl/download.php?id=425

    or here...

    Yesterday United Admins announced their first official release of CSGuard (versioned 8.00). But although it is their first release since they acquired the source from OLO, it will also most likely be the last under the name 'CSGuard':

    http://www.ukterrorist.com/news/1885/
     
  13. Carey934

    Carey934 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    12
    Re: Problems with ProcessGuard

    Well, Diamond was in the name, and it was listed in Add/Remove Programs. It is entirely possible it was some other CSGuard. But because he read it to me as Diamond CS Guard, my Google search landed me here.

    And let's not forget whatever it was, it was offered in Add/Remove Programs, so that suggests some legitimacy...
     
  14. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Re: Problems with ProcessGuard

    If you go back into Services and check the properties of DIAMOND CS GUARD....what is the file name and where in the file system is it located ?
     
  15. Carey934

    Carey934 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    12
    Re: Problems with ProcessGuard

    It's been uninstalled from a customer who called me from more than 2,000 miles away because no one could resolve the issue with his PC being unable to obtain an IP address from his router.

    I worked with him for 2 hours over the telephone and I am conveying what he read to me. He has since uninstalled the software and I am doing some investigation as to what software would block a PC from obtaining an IP address and why. It's not possible for me to go back and look at the services or files, since they are now uninstalled and the customer is back up and running. It was definately one of the most difficult networking problems I have had to diagnose in more than a year.
     
  16. Brinn

    Brinn Registered Member

    Joined:
    Aug 5, 2004
    Posts:
    181
    Location:
    Canada
    Re: Problems with ProcessGuard

    I had a problem where I manually disabled some services which led to the DHCP Client being unable to start up even though it was set to Automatic. I couldn't obtain an IP address because of this. Perhaps PG didn't fingerprint properly, blocking a startup service which led to a similar situation.
     
  17. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Re: Problems with ProcessGuard

    If it was some serious definite problem (if PG had registry blocking) then I think it would be more widespread than this. As I said above, if there was some application being blocked then YES that could be the cause.

    ProcessGuard is installed by a human. There is no possible way it got onto a machine without being put there. It just wasn't installed properly. Hopefully the newest version and website FAQ, articles and guides will be enough so that more and more users can easily protect themselves. Rootkits and DLL trojan techniques are serious problems and used more and more commonly in new malware.
     
  18. Carey934

    Carey934 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    12
    Re: Problems with ProcessGuard

    Yes, which is why we tried a static IP. Which also did not work.
     
  19. Carey934

    Carey934 Registered Member

    Joined:
    Dec 18, 2005
    Posts:
    12
    Re: Problems with ProcessGuard

    I suppose the idea that it's possible to not install the software correctly suggests only a user of advanced knowledge use this product. Installing most software simply requires running setup and clicking Next until the installation is complete. Is your software different in this regard?
     
Loading...
Thread Status:
Not open for further replies.