Process Guard v1.150 Released!!

A new version of Process Guard is ready to be released!

*** IMPORTANT***
Before installing this version, please make sure you have completely removed any previous versions of Process Guard.
**************

New Features since last build :-
-Fixed a lot of bugs, including the majority of Unknown flag ones, etc
-Changed pg_msgprot.exe to be a service. This EXE handles close message handling
-GUI enhancements, Window and Column sizes are now saved
-Added two more columns to the display, and made them sortable

Todo List :-
-On Windows 2000, APT's Kill 5 can still close down protected applications. Expect this to be added in a coming build
-SetWindowsHook protection will also be added in a coming build.


Please be aware that if you experience any problems with Process Guard that makes you unable to boot into your normal operating system, you can safely uninstall Process Guard from safe mode. As it is not active in Safe Mode.

Download the FREEWARE version of Process Guard here :-
http://www.diamondcs.com.au/processguard/

Process Guard protects your programs actively and is available for Windows 2000, XP and 2003.

People who have purchased Process Guard just need to log into the members area as usual and grab the latest download.
http://www.diamondcs.com.au/processguard/index.php?page=members



-Jason-

 

I suggest uninstall/reinstall to ensure proper updating - if any part of Process Guard is in use it wont be updated.

Disable protection - then close the GUI
Stop PG_MsgProt.exe OR uninstall and reboot

Then install

 

Working fine here on XP Pro & Server 2003

 

Here's PG V1.150 stopping APT killing OutPost Pro V2 Under Windows Server 2003

 

why not with me ?

When i reboot, the window which was maximized is again normal, and columns that i resized are again on their default size.

Apart of that, all works fine.

 

Hmmm ok well.. set up PG how you want it then CLOSE it. Then start it again.... oh wait no I know. It doesn't save maximised. But drag the edges of the window to make it NEARLY full screen. Then close and reopen and it has saved it. We can easily work on this to make it move user friendly I can imagine some users on 800x600 would want it to open maximised all the time

 

thanks you

 

Oh good

Hmm the shortcut cant have its properties changed to maximise will look at this too. It works if PG isnt already running and you run a shortcut like that, but if its running and minimised it restores it, to non maximised state.

 

Hmm now, at startup PG seems to start very early, when there are no icons in the systray (i see the windows "flashing" before it minimized)
And i don't know why now, it doesn't add his icon in the systray.
But it is launched, i can see it on the taskmanager.

If i click on the shortcut, and i exit it, i can launch it again from the shortcut and this time it adds his icon on the systray.

is this a bug ?

 

No it's a "feature"

I'm sure Jason & Gavin will sort it all out

 

a feature to make their customer mad :

systray icon : look at me !
am i here ?
or here ?
no, here !
and no, jk, i'm not here ^^
where am i ?
yea you found me ! congratulation!

 

Hi Pete, I believe there are a few extra tweaks in the full release

 

Hi there!

Okay... retested with PG 1.150...

As Jason stated... on W2k it is still possible to kill Outpost Pro V2
with APT #5... This time it took longer till it went down... but down it went

But else the new Version works perfectly for me!

Well done! (and I'm sure you guys will win the battle against W2k in one of the next Versions )

Storm

 

Let me add a couple of other things (that I've seen on my systems with the latest versions - also happened on earlier ones....)

I generally get "could not attach to kernel mode driver" errors post PG-install if I do the install with KAV CC active - it's probably best to kill this process (and other "protected" apps - ZAP maybe?) for the install of PG.

If a logfile doesn't already exist in the ProcessGuard directory, it doesn't seem to create one on the install (or anywhere else). Simply create an empty file with any appropriate name and a .log extension and place it in C:\Programs\ProcessGuard directory. Double click PG in the system tray and select Options>File Log>Set Logfile Path, select the empty file, press Save, and logging is good to go if it hasn't been already.

Overall - v1.150 seems very much improved. Remote Desktop Connection remains alive and well (v 1.100 did not play well with this XP facility at all...).

Blue

One more thing - if you run TDS3 and have Exec Protection installed, it seems that the install will go smoother if you remove Exec Protection/reboot before going forward with the PG install (naturally exiting TDS3, etc., beforehand). Maybe this is covered elsewhere - hadn't seen it if so.

A second addendum - I'm still having problems on one PC with a clean install of PG. I've tried all the usual things. Looking for remaining files, making sure a minimal set of processes are running, etc. I even did a repair of KAV and removal of TDS-3. So far nothing has worked. Symptoms are always the same - "Could not attach to kernel mode driver" after the install of PG and reboot. System is a Dell 4500 with XP Pro (the same as 3 others that seem to work fine). Any suggestions for a particularly stubborn install? Tomorrow I plan to verify that the PG uninstall is complete, uninstall KAV, reboot with autostart programs disabled and install from there (without KAV on the system).

 

Just wanted to add a comment about Outpost Firewall version 2 in XP Pro. Using Process Guard 1.15, and running the Process Kill Demo, Outpost Firewall will sometimes escape being killed and on other occasions it will display an error message stating it has problems and to notify Outpost (Agnitum) about it. If you press OK on this error message, the Firewall closes itself. It can be manually be restarted however.

 

Will PM you an email address. Please send ASViewer results so I can see what else is installed, and run it from safe mode if you dont mind.

http://www.diamondcs.com.au/index.php?page=asviewer

As usual, make sure its showing all autostarts, drivers etc

 

Hi BlueZannetti ,
A few things to try.
Disable all protection including those in the General section & close procguard.exe.
Do the uninstall, boot into safe made, open regedit, using Find search for "procguard" & remove all entries, do the same again using "process guard" as your search. You will find at least two "Legacy" entries these can be left.
Ensure that procguard.sys, pg_msprot & procguard.dll are removed from their respective folders /system32/, system32/drivers/ & the PG folder
Reboot and try a clean install.

HTH Pilli

 

Just to bring everyone up to date...

I tried everything that's been suggested thus far, no joy yet. Sent Gavin a number of ASViewer logs. I have 4 PC's on which I've installed PG, 2 work fine, 2 don't. The ones that don't are the PC's used by the kids for gaming, music libraries, and are wireless connected. On an organized scan of the ASViewer logs comparing the results on the 2 systems on which PG works with those on the 2 systems with problems, the following entries are common on the problem systems but absent on the working systems (I'm working on the assumption that the problems are due to an incompatibility with an installed application or feature on those systems)

1. C:\WINDOWS\System32\DRIVERS\secdrv.sys – Macrovision Security Driver v 3.18.00 (that’s really not a good sign in my book….)
2. C:\WINDOWS\wanmpsvc.exe – AOL WAN Miniport (ATW) Service
3. nwiz.exe /install – Nvidia video card wizard
4. HKLM\System\CurrentControlSet\Services\SimpTcp\ - Microsoft TCP/IP Services driver
5. HKLM\System\CurrentControlSet\Services\WANMiniportService\ - see # 2

My instinct says it's likely due to #1.

Blue

 

Interested in secdrv.sys of course please send it to me ? Well in another thread I've mentioned it may be a timing issue, can you remove the startup for PG on that machine and boot, then start it manually after a few seconds ? say 30

 

Hmmm...

OK - the file has been sent for you to look at.

I've reinstalled PG on one of these PC's. The initial install and restartup was OK. Protection was enabled at that point. Restarted again. Complete crash on the restart (not even a BSOD). Power cycle the PC and no problems thus far. PG starts fine for the handfull of times that I've tried with restarts. This is a standard install - no disabling of PG on startup yet. Maybe it IS all in the timing. Remember, the other thing unique about the 2 problem PC's is that they're on wireless and the situation on establishing network connectivity during bootup is a little more fluid than the hardwired systems and due to some home construction I had to reposition the wireless access point this AM - that's the only other change from previous days (although signal levels were fine on the previous days).

Added - Just finished the install on the second PC. Same developments, except here I have an intermittent failure to attach message on this PC. Yesterday the messages were constant. Right now, the problem is very inconsistent. It occurred once on the second restart. I tried to validate the problem as persistent, but gave up when the next 10 restarts succeeded. At this point I decided that I can't test removing PG from the startup easily right now - maybe sometime in the future when the constellations are in (or out of) alignment. As a firm believer that the 1's and 0's of these PC's aren't flipping about according to whim, I'd say that the timing explanation is firming up.

A second addition - Problems started appearing on the most stubborn PC again. Three flavors now - (1) the standard "Could not attach...." message on logon, (2) an undefined blank screen of death (yes - blank - not blue or anything else) at logon (immediate exit from the logon screen to the blank one) that requires a power cycle to recover from , and (3) the appearance of the blank screen of death after the PC has been just sitting with the logon screen ONLY for a few minutes - no attempt was made to logon. Problems were severe enough to require that taking PG out of the startup list be done while in safe mode. This seemed to fix the problems (1) and (2) - but that shouldn't influence (3), right?

Blue

 

I think a lot of problems with PG might be related to other security software drivers conflicting with it somehow. Though I am always in the process of trying new drivers, etc and havn't had any problems with it.

You should always try disabling PG's protection before removing it, to see if this fixes the issues. If it doesn't I think it is safe to say it is a driver conflict. If it does fix it, then maybe something in your list is conflicting with something else on startup causing the crashes.

-Jason-

 

Well, I just reinstalled PG on my machine. Normal reinstall - unfortunately forgot to exit KAV WS or Outlook Pro (I'm testing it out).

On restart after the PG install, I immediately see the "Could not attach...." message. I recall this happening a number of times previously - but not always on the initial start of the system after an install. At this point PG protection is disabled, since it's never been started. I also noticed in this case that KAV and Outlook, which are both set-up to be minimized in the system tray, seem to "be there", have the appropriate processing running, but do not display icons in the system tray anymore. This behavior is not fixed by uninstalling PG either. An attempt to repair KAV WS using the Repair facility in Add/Remove Programs fails for KAV (I get a message to insert a disk, which I shouldn't get and can't fulfill), necessitating an uninstall/reinstall. I also had to uninstall/reinstall Outlook to get back to the previous state.

Blue

 

I get the "could not attach" message too on bootup, but PG seems to worl ok after that - it's just a nuisance having to close the "could not attach" message every time.

 

Yes we will get a new version out soon which doesn't try to attach so.. aggressively. Whether or not you ever open Process Guard (the GUI) the driver is protecting from before you even log on