Process Logger Service

Discussion in 'other anti-malware software' started by Mister X, Mar 17, 2017.

  1. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,694
    Location:
    Mexico
  2. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,170
    Location:
    The etherlands
    Thanks for both comments. Easy to retain just a few days then, and agreed, rather log everything!

    And nice find. I am enjoying this proggie. Only change I've made is to log to my FIDES-protected external USB, rather than SSD system drive (this after discovering that Hard Disk Sentinel rates it only 'Acceptable' with Wear Levelling Count of 49 - threshold 5 - and estimated remaining lifetime only 279 days! :eek:. Hope it's wrong, this laptop is just over two years old).
     
    Last edited: Mar 20, 2017
  3. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,694
    Location:
    Mexico
    Did something quite similar: pointed log file to a local HDD, drive D:
     
  4. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,481
    A cheap SSD should be good for at least 5 years. And one should never defrag a SSD. A high quality one that has also cost a lot of money will last your lifetime.
     
  5. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    742
    Location:
    Italy
    Should release a new build soon with option DeleteLogsOlderThanNDays in the Config.ini file, example:
    DeleteLogsOlderThanNDays = 7 ----> Delete log files older than 7 days
    DeleteLogsOlderThanNDays = 0 ----> Never delete logs
     
  6. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,481
    Thanks NVT

    Saves some people the option to right-click and select delete :D
     
  7. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,170
    Location:
    The etherlands
    Agree. I was just surprised at the Wear Levelling Count. CrystalDiskInfo shows the same but does not give a 'warning'.
    Excellent :thumb:.
     
  8. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,170
    Location:
    The etherlands
    It was my Firefox DownThemAll! add-on. Somehow doesn't like that download.
     
  9. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,170
    Location:
    The etherlands
    Now working on both my Win 10 machines.
     
  10. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,170
    Location:
    The etherlands
    Scratch that. It is something else that prevents some downloads, but very few. Smartscreen maybe?
     


  11. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,562
    Hard to say just from looking at the screenshot.
    FIDES, Sandboxie, a browser-extension ... Try to run the browser unsandboxed, and download it again.
    If it fails again, start the browser in safe mode with all extensions disabled. If it is working now, you know that a browser-extension has prevented the download.
    Deactivate one by one to find the culprit.
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,170
    Location:
    The etherlands
    Yes, I was following that path. Time consuming, but necessary if it continues to raise its ugly head. It has only happened once more with another download.

    I thought it was the DownThemAll! add-on but then it happened also with that extension disabled. And with browser unsandboxed.

    FIDES is only active for my external USB drive.

    Anyway, I guess this is OT.
     
  13. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,562
    I think this is the right place to answer, so I'll do it here :)
    For example, if I want to search for processes in my logfiles I'm using the filemanager Total Commander.
    It automatically searches all logfiles in the path which is mentioned in "Search in:"
    [screenshot: Total_Commander_search.png]
    I'm pretty sure there are other tools which are able to do this.
     
  14. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,562
    @novirusthanks
    Is it possible to add the logging of the "exit status" of a process?
    So the user knows if it's a regular termination: 0x0, "forced termination" from the user: 0x1 or a crash: 0xc0000005, etc.
    I took these examples from Process Hacker, which is able to log the exit codes.

    For example it might look like this:
    Code:
    [Process Termination]
    
    23.03.2017 00:01:14
    Process: [8296] C:\Windows\System32\dllhost.exe
    Exit Status: 0xc00000005
    Uptime: ~00:00:06
    It can be useful to log this. The user can search for abnormal process terminations in the logfiles, if needed.
     
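An added example (not the tool's own code and not from anyone in the thread) that parses the [Process Termination] entry format shown above and triages exit statuses the way the post describes (0 normal, 0x1 forced termination, NTSTATUS error codes such as 0xc0000005 a crash). The sample log, the KNOWN_STATUS table and all function names are constructed for this example; the regex also tolerates the blank line after the header that the post's entry has.

```python
import re

# Constructed sample in the format the post shows (not output captured from the tool).
SAMPLE_LOG = r"""[Process Termination]
23.03.2017 00:01:14
Process: [8296] C:\Windows\System32\dllhost.exe
Exit Status: 0xc0000005
Uptime: ~00:00:06
[Process Termination]
23.03.2017 00:02:30
Process: [4120] C:\Windows\System32\notepad.exe
Exit Status: 0x0
Uptime: ~00:12:41
[Process Termination]
23.03.2017 00:03:02
Process: [5512] C:\Program Files\Example\app.exe
Exit Status: 0x1
Uptime: ~00:00:01
"""

# A few NTSTATUS names; any other code with the error severity bits (0xC...) is still a crash, just unnamed.
KNOWN_STATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC000013A: "STATUS_CONTROL_C_EXIT",
                0xC0000409: "STATUS_STACK_BUFFER_OVERRUN"}

ENTRY_RE = re.compile(
    r"\[Process Termination\]\s*(?P<ts>\d{2}\.\d{2}\.\d{4} \d{2}:\d{2}:\d{2})\s*\n"
    r"Process: \[(?P<pid>\d+)\] (?P<image>.+?)\s*\n"
    r"Exit Status: (?P<status>0x[0-9a-fA-F]+)\s*\n"
    r"Uptime: ~(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})")

def classify(status):
    """Post's mapping: 0 normal, 1 forced termination; NTSTATUS error severity = crash."""
    if status in (0, 1):
        return ("normal", "forced")[status]
    if (status & 0xC0000000) == 0xC0000000:  # top two bits 11 = NTSTATUS 'error' severity
        return "crash (%s)" % KNOWN_STATUS.get(status, "unknown NTSTATUS")
    return "non-zero"

def parse_log(text):
    """Return one dict per [Process Termination] entry; blank lines between fields are tolerated."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        status = int(m["status"], 16)
        entries.append({"time": m["ts"], "pid": int(m["pid"]), "image": m["image"], "status": status,
                        "uptime_s": int(m["h"]) * 3600 + int(m["m"]) * 60 + int(m["s"]),
                        "kind": classify(status)})
    return entries

def abnormal(entries):
    return [e for e in entries if e["kind"] != "normal"]  # anything that did not exit with 0
```

Run `abnormal(parse_log(open(path).read()))` over a real log file to list only the terminations worth a second look, e.g. short-lived processes that died with an access violation.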
  15. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    742
    Location:
    Italy
    Yes, here is a new build v1.3 for testing:
    http://downloads.novirusthanks.org/files/ProcessLoggerService_TEST.zip

    This is the changelog so far:

    Let me know if you find any issues.

    Example log of "Exit Status":

     
  16. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,694
    Location:
    Mexico
    Thank you.
     
  17. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,829
    Location:
    Europe then Asia
    Can't run the test version on SUA even via "run as"
     


    Last edited: Mar 24, 2017
  18. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,562
    :thumb:
    Thanks. It's working and the correct Exit Codes are logged.
     
  19. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    353
    A little OT, but re svchost info, I've found this to be pretty useful...
    https://svchostviewer.codeplex.com/

    Woops, not for W10 I guess... I use it in W8.1 and it says it's for up to W7... might be worth trying? There are some other programs like it also....
    Here's another...
    http://www.majorgeeks.com/files/details/tweaking_com_svchost_exe_lookup_tool.html
     
    Last edited: Mar 24, 2017
  20. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,170
    Location:
    The etherlands
  21. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    4,365
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,829
    Location:
    Europe then Asia
    Are you both on Win10? I think not, because it seems it can't run yet on it.
     
  23. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,170
    Location:
    The etherlands
    Hi @Umbra, in my case, working on both Win 10 machines.
     
  24. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,829
    Location:
    Europe then Asia
    OK, so maybe because I'm on SUA.
     
  25. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,562
    No, Win8 :) (see signature)
     