Process Guard 3.4 and WGA

Discussion in 'ProcessGuard' started by DAMOX, Jul 9, 2006.

Thread Status:
Not open for further replies.
  1. DAMOX

    DAMOX Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    21
    I wanted to report that I ran into an apparent issue between Process Guard 3.4 and the Windows Genuine Disadvantage Tool. Initially, I mistakenly thought it was a conflict between Process Guard and KAV 6. I had just installed KAV 6 and Process Guard 3.4. I had completed the initial part of the learning phase and had just rebooted to complete the Learning phase, when after logging on, my computer locked up. I could see that there was an obvious confrontation taking place, because my hard drive light was flashing furiously indicating activity, but I couldn’t get anything to work. The only thing I could do is a hard shut down. I tried logging on a few more times, but each time the computer locked up. Since I had been having problems with KAV6 after installing it under Process Guard 3.150, I thought the new problem stemmed from a conflict between the two programs. So I temporarily disable Process Guard from starting up and rebooted the machine, and the lockup didn’t occur. I then started Process Guard manually, at which time the computer did not lock up. That gave me a chance to get a look at the logs and found that wgatray.exe had been continually trying to access physical memory and was being blocked by Process Guard. I had been posting this on the Kaspersky Labs Forum because my initial problem was with KAV6, and Don Pelotas from Kaspersky pointed me to a WGA Removal Tool. After removing the Windows Genuine Garbage, I re-enabled Process Guard, rebooted, logged on, and found that Process Guard 3.4 and KAV6 were coexisting peacefully. I am a bit leery of allowing the WGA tool to access physical memory, especially since there is a worm out there that looks and acts like WGA. Also, I had thought that I tried allowing it, but it still locked up. Not sure about that, but I will try to avoid installing WGA in the future. I try to work with Microsoft, but sometimes they make it impossible.
     
  2. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    780
    Location:
    West Virginia (USA)
    There are several other MS programs in PG that have to access physical memory...Winlogon, svchost, smss, etc. Why would wgatray.exe from MS be any more suspicious than these older MS pgms that are part of Windows....(not withstanding the great debate that is going on about wgatray itself ;) )
     
  3. DAMOX

    DAMOX Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    21
    I guess in my mind it's because there is a worm by the same name that imitates WGA! Also, as I said, I thought I'd given it permission to "access physical memory" and I still had a problem, but I could be mistaken about that.
     
Thread Status:
Not open for further replies.