Process Guard 3.3b losses settings!

Discussion in 'ProcessGuard' started by Alphalutra1, Jan 28, 2006.

Thread Status:
Not open for further replies.
  1. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Whenever I reboot my pc, processguard losses all of the protection settings, so it is practically worthless!. I am running the latest one that I just downloaded yesterday. I have the free version. It saved all of my settings from 3.15. However, it losses my protection settings whenever I reboot the pc. The protection section is blank. I need help here!!!

    Alphalutra1
     
  2. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    719
    Location:
    Toronto
    You were supposed to disconnect from the internet, shutdown PG, uninstall PG, reboot, delete the pghash.dat and pguard.dat files from the ....system32 folder before installing 3.3.
    When you install 3.3 you get new .dat files, run all your trusted apps while in Learning mode, without an internet connection to rebuild those files. Then turn off Learning mode and set any other options and then you can connect to the internet.
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Okay, I unistalled it, removed all the .dat files for processguard, and rebooted. I reinstalled it, did the protection stuff, and it didn't work!. I said to protect nodkrn.exe from termination, and I could terminate it with the kill demo!. I then rebooted, and guess what? Process guard lost all of the settings:ouch: So, I disabled protection, then tried to unistall, but guess what, it still protected me computer :mad: I finally ripped it out of my system and am very unsatisfied. I am removing, and trying the competitor, Online Armor.

    Very displeased,
    Alphalutra1
     
  4. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Alphalutra, you were supposed to remove PG in safe mode too. Here there's something wrong, with .dat files left or something else.

    Cheers,
    nicM
     
  5. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Well, its too late now. It would not have been very difficult for process guard 3.3 to just remove the files manually during the install, now would it:blink: ? I am enjoying Online Armor btw. I might retry process guard after the trial, but who knows:gack:

    Alphalutra1
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    You are not serious about that are you? How in the world would someone run over 200 applications for PG to learn while off line? For that matter, what about your browsers? They need to be run on line. I have never done anything like this with PG and would never do so. I just run it in learning for maybe two weeks at least and even then I have lots of applications that haven't been run.

    I think the biggest drawback to using this new version is that I cannot carry over all the settings from 3.15. I am just running the free version right now because I am getting a new computer end of next week (unless it gets screwed up again). I'll have to start fresh on that computer. It took months before I had 3.15 it running right on my current host computer. Once PG learns everything, it is a great application, but it takes an awfully long time to learn everything.
     
  7. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Two weeks!! :eek: Wow, that makes a lot. Usually I let it for less than a day/few hours in learning mode, I just make sure to launch most of my programs, check for updates for thoses who need, and that's OK...But I guess you are using more programs than I do :) .

    Cheers,
    nicM
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    A few things :

    Loss of settings is likely data corruption, or perhaps a rare bug in some condition your PC has - we would appreciate help tracking this down. Perform a repair (chkdsk /f) and ensure complete removal of old versions before trying this beta.

    This suggests you didn't completely set up PG, running kill demo in Learning Mode. Please follow the guide in the help file and completely set up PG before trying to TEST your system !

    Mele20, there's no reason why you can't setup protection while offline. Just execute the program and close it, a browser simply needs to be opened and closed. Most programs need this, and if you DON'T block global hooks, there will be a lot of programs you need not run at all (they wont ever need ALLOW)

    Finally, I'm sure PG4 will be far superior, as far as system integration and ease of use go. We've learned a lot about what to protect, and what people want/need :)
     
  9. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    581
    Location:
    South Carolina, USA
    for me, setting up PG's "protection" is not difficult at all.. i can do it very quickly.. yes, over the course of time, new things "pop up", but that is not a problem, either..
     
  10. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Sorry, but I was not in learning mode!!! I have had this product(3.15) for at least six months and know how to configure the free version pretty well. I also like my pc, and don't want to screw it up figuring out a bug. Sorry, but I probably will wait until version 4 comes out.

    Alphalutra1
     
  11. Jan J

    Jan J Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    22
    Location:
    Skokie, Illinois
    I'm posting this in multiple places.....

    May I please make a suggestion for the website....

    Seeing that the uninstall an re-install of PG has more steps and procedures that a normal uninstall/re-install...........

    May I suggest a printable list of steps be posted (And Updated), so that current procedures would be easily accessable to all, and mistakes and forgotten steps can be minimized?

    As is now, looks like I need to printout 3 or more different messages in multiple threads to get this information....

    Thanks...
     
  12. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    719
    Location:
    Toronto
    Yes, I am.
    One at a time.
    They are, when I'm ready.

    I have and it's not any trouble, really, for the added security. of not exposing my system to 'anything that wants to run can bury itself deep inside for unknown purposes'.

    I'd agree here, the installer should be able to read the 3.15 format and create the 3.3 format (or whatever) without the user's assistance.

    Good luck, stay safe.
    Jim
     
  13. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    719
    Location:
    Toronto
    Hi Jan, and it sounds like there are variations by OS. For example, I've never had to boot into Safe mode using W2K but it may be necessary for XP-SPx.
    Maybe the folks at DCS can provide the documentation formally each time they announce a new version/modification. Wayne did provide warnings in his announcement in this thread, but might have been more specific. The best solution of course would be to provide a more comprhensive installer.

    edit: see thread https://www.wilderssecurity.com/showthread.php?t=16931 re uninstalling PG, however it was last updated in late 2004.
    Cheers,
    Jim
     
  14. Juggernaut

    Juggernaut Registered Member

    Joined:
    Jul 27, 2005
    Posts:
    60
    Let's not lose sight of the key word here....BETA
     
  15. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    719
    Location:
    Toronto
    True........ but some points are salient.
     
  16. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Please check both the Attributes and Permissions of the pghash.dat and pguard.dat files (they're in your \Windows\System32\ directory), as this sounds like it could be a file access problem. Are you logged in as an Administrator?
     
  17. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi,

    I'd love to see a Hijackthis log from Safe Mode, and our ASViewer program too - can you do that ? (send to support email please)

    There may be something drastically wrong with your system - PG uses simple methodology, its the careful placement of protection that makes it powerful. For what you describe to happen, there must be something very wrong. Either a severe driver conflict with something else, has never been reported so that's the least likely problem.

    My thoughts are that your system has hardware problems such as data corruption, bad sectors or possibly even imminent drive failure. I've only seen WEIRD behaviour on a system which had filesystem and free space errors, once fixed it WORKED 100%. I highly recommend a CHKDSK /R be scheduled and performed.

    I hope there is no such problem, but its best to be sure. If you email, please let me know as many details about your system as possible - CPU speed and type, OS, how long since formatted, what software is installed, everything ! :)
     
  18. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Another idea.. do you happen to run McAfee with it set to wipe out detected viruses automatically ? A user reported a false alarm with McAfee on procguard.sys yesterday !

    If the driver gets removed by another kernel driver (AV driver controls the filesystem) then obviously PG can't do its work !
     
  19. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Even if I did what you suggest, I would not think about such programs as dwwin.exe, dumprep.exe and drwtsn32.exe. On Jan 27, PG IN LEARNING MODE, blocked dwwin.exe and dumprep.exe from modifying Firefox. Today, Firefox crashed and PG, IN LEARNING MODE, stopped drwatson from terminating Fx.

    Why did PG stop them when in learning mode? I got no popup asking if I wanted to allow. I saw the green unlocked PG icon in the systray turn red and locked and Fx was thrashing around (2 application hangs on the 27th and one application error on the 29th) and I had to pull up PG to see what it did both times. I don't get the popups when the icon goes red because I block balloon tips in XP. I really wish this version of PG had provided another way than balloon tips to see when PG blocks something. Most every problem I have had with PG can be traced to my not seeing those balloon tips. If I enable them then they constantly popup from other things not PG and that drives me nuts.

    Basic windows applications like the three mentioned here should AUTOMATICALLY have been in PG's list to allow to start and should have also AUTOMATICALLY been given proper authorization that each of those would need. Plus, I am just using this as the free version as I have a new computer coming this week and I saw no need to install the full version when this computer is going back to Dell soon. If I had the full version installed, with everything checked as I do on my host box running 3.15...gee, there is no way I could start everything off line and get all permissions set up. It would take forever.

    The settings for 3.15 should carry over to 3.3.
     
  20. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    Sure, I will get around to that sooner or later. Keep in mind the fact that I don't have process guard installed on my system. I will send you an e-mail with the specs in around a week. Soccer has just started up so I am kinda busy. I will get back to you soon. And no, I don't have McAffee(don't go near the stuff :p )

    Alphalutra1
     
Thread Status:
Not open for further replies.