Process Logger Service

Discussion in 'other anti-malware software' started by Mister X, Mar 17, 2017.

  1. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,839
    Location:
    Europe then Asia
    I still can't run it.
     
  2. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    742
    Location:
    Italy
    Did you try to install it via the install.bat from the Admin account?
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,484
    I am pretty sure that if Umbra turns off all his security stuff and follows the directions he will get it. He is a smart cookie.
     
  4. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    3,839
    Location:
    Europe then Asia
    Is it necessary for it to function? Because I won't use it from an admin account; I'm 99% of the time on SUA.
     
  5. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,563
    Admin rights are only needed for the creation of the service (see "sc create ..." in the install.bat).
    After the creation it is running "all the time", no matter which account you are currently logged in to.
    You don't have to launch the executable directly; the installed service launches it.
     
  6. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,699
    Location:
    Mexico
    Which "Exit Status" codes should I expect?
     
  7. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,563
    You should see Exit Status: 0x0 for "normal" process terminations.
    If you kill a process with a process manager, you can see 0x1.
    For crashes of a process you might see 0x000000c5 or other exit status codes; it depends.

    As long as you can see 0x0, all is fine :)
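The triage the post describes, as an added example that is not part of the thread or of Process Logger Service: a small scanner that pulls the "Exit Status" value out of each termination record and separates clean exits (0x0), kills (0x1) and crashes. Everything beyond the "[Process Termination]" header, the date line and the "Exit Status: 0x..." line is an assumption: the "Process:" field name and the sample records are constructed for this example, so adapt the two regexes to the real log layout.

```python
"""Triage the "Exit Status" values Process Logger Service writes for
process terminations.

Added example for this thread, not code from Process Logger Service.
Assumption: each termination record carries a line "Exit Status: 0x..."
(the thread quotes 0x0, 0x1 and 0x000000c5); the "Process:" line and the
rest of the record layout in SAMPLE_LOG are constructed for this example.
"""
import re

# Exit codes that are really NTSTATUS values (ntstatus.h); a process that
# dies from an unhandled exception or a fail-fast exits with one of these.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
}

PROCESS_RE = re.compile(r"^Process:\s*(.+?)\s*$")            # assumed field name
EXIT_RE = re.compile(r"^Exit Status:\s*0x([0-9A-Fa-f]+)\s*$")


def classify_exit_status(code: int) -> str:
    """Map a raw exit code to a triage label."""
    if code == 0:
        return "normal"
    if code == 1:
        # Task Manager and taskkill end a process with exit code 1.
        return "killed"
    # NTSTATUS layout: bits 31:30 are the severity; 3 == STATUS_SEVERITY_ERROR.
    # A code with that severity is a crash, not an application return value.
    if (code >> 30) == 3:
        return "crash (%s)" % NTSTATUS_NAMES.get(code, "NTSTATUS 0x%08X" % code)
    return "nonzero 0x%X" % code


def scan_log(text: str) -> list:
    """Return (image_path, label) for every termination record in `text`."""
    results = []
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            # New record header: only terminations carry an exit status.
            current = "<unknown>" if line == "[Process Termination]" else None
            continue
        m = PROCESS_RE.match(line)
        if m and current is not None:
            current = m.group(1)
            continue
        m = EXIT_RE.match(line)
        if m and current is not None:
            results.append((current, classify_exit_status(int(m.group(1), 16))))
            current = None                 # one exit status per record
    return results


def suspicious(text: str) -> list:
    """Only the records worth a second look: anything that is not a clean 0x0."""
    return [r for r in scan_log(text) if r[1] != "normal"]


# Constructed sample, mimicking the date/time layout quoted in the thread.
SAMPLE_LOG = r"""[Process Creation]

03.04.2017 00:03:08
Process: C:\Windows\System32\notepad.exe

[Process Termination]

03.04.2017 00:03:14
Process: C:\Windows\System32\notepad.exe
Exit Status: 0x0

[Process Termination]

03.04.2017 00:05:01
Process: C:\Users\bob\Downloads\invoice_viewer.exe
Exit Status: 0xC0000005

[Process Termination]

03.04.2017 00:06:40
Process: C:\Program Files\Tool\tool.exe
Exit Status: 0x1
"""

if __name__ == "__main__":
    for path, label in suspicious(SAMPLE_LOG):
        print(f"{label:40s} {path}")
```

The severity check is the useful part: an exit code whose top two bits are set (0xC...) is an NTSTATUS error such as an access violation, and a run of those from one image is the kind of thing worth correlating with what was created just before it, whereas 0x1 usually just means somebody ended the process by hand.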
     
  8. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,699
    Location:
    Mexico
  9. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,699
    Location:
    Mexico
    Did a list for Exclusion.db:
    Code:
    *audiodg.exe
    *services.exe
    *svchost.exe
    *winlogon.exe
    *LogonUI.exe
    *mobsync.exe
    *userinit.exe
    *SearchIndexer.exe
    *SearchProtocolHost.exe
    *spoolsv.exe
    *WmiPrvSE.exe
    *WUDFHost.exe
    *HeciServer.exe
    *IAStorDataMgrSvc.exe
    *jhi_service.exe
    *LMS.exe
    *nvvsvc.exe
    *nvtray.exe
    *nvxdsync.exe
    *RAVCpl64.exe
    *ramdiskws.exe
    *SbieSvc.exe
    *SbieCtrl.exe
    *DefenderDaemon.exe
    *Service.exe
    *ERPSvc.exe
    *EXERadar.exe
    *SecureFolders.exe
    *AppCheck.exe
    *AppCheckS.exe
    *AppCheckB.exe
    *AppGuardAgent.exe
    *AppGuardGUI.exe
    *LicQueryApp.exe
    *vmnat.exe
    *vmware-authd.exe
    *vmware-usbarbitrator64.exe
    *vmware-hostd.exe
    *vmware-tray.exe
    *vmnetdhcp.exe
    *wfcs.exe
    *wfc.exe
    *USBSafelyRemove.exe
    *WiFiGuard.exe
    *GoogleUpdate.exe
    *update_notifier.exe
    *EasyNetMonitor.exe
    *msoia.exe
    *IDMan.exe
    *IEMonitor.exe
    *IDMGrHlp.exe
    *PsnLite.exe
    *PSNGive.exe
    *XMouseButtonControl.exe
    *notepad++.exe
    

    I mean, they are logged every time I boot, and some repeat over and over again.
    Any pros and cons for excluding them?
     
  10. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,563
    @novirusthanks
    Bug report - Process Logger Service v1.3:
    In the log files I can see wrongly formatted dates for process creations:
    Code:
    [Process Creation]
    
    04.03.2017 00:03:08
    
    [Process Termination]
    
    03.04.2017 00:03:14
    Process creations are showing 04.03.2017, but they should be logged as 03.04.2017.
     
  11. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,453
    Location:
    U.S.A. (South)
    Is there some way to set a cut off point for the log?

    It might fill up if this service is allowed to run all the time, like I want it to do.
     
  12. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    2,178
    Location:
    The etherlands
    This may not be the answer to your question, but it keeps a log for every day, and one can set DeleteLogsOlderThanNDays=n in Services>Config.ini.

    One can't limit the size of the daily log.
     
  13. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,563
    Each day (00:00:00 - 23:59:59) = one log file.
    You can expect a file size of 3 MB up to 6 MB for each day; it depends.

    If you plan to archive your log files, they have a good compression ratio of ~1%
    (900 MB of log files =~ 15 MB RAR archive).
     
  14. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,484

    Are you saying the logs were from March and not April?
     
  15. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,563
    The log is from April. It should show "03.04.2017" instead of "04.03.2017" (process creations).
    But process terminations are correctly logged: "03.04.2017".

    It was always showing "day.month.year" for process creations and process terminations in earlier versions.
    This changed with v1.2 and newer versions.
     
  16. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    6,453
    Location:
    U.S.A. (South)
    Got it. Thanks a bunch for clarifying.
     
  17. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,484
    Month, day, year is how we do it in the USA.

    To get those dates, it has to be looking at your system clock info, I would think.
     
  18. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    742
    Location:
    Italy
    @mood

    We'll fix it in the next few hours; the datetime format (for creations and terminations) will be set to month.day.year, the same as most of the other service-only apps.

    @Mister X

    I would not exclude processes like *svchost.exe (that is insecure, as 123svchost.exe would also be excluded) but with the full path, i.e.:

    C:\WINDOWS\System32\svchost.exe

    Or at least like *\svchost.exe
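The developer's point above, worked through as an added example that is not the project's own matching code: the three pattern shapes (bare "*name.exe", "*\name.exe", full path) run against a handful of constructed image paths, so you can see exactly which files each one would silence. The matcher assumes Exclusion.db patterns are compared case-insensitively against the full image path with "*" matching any characters including backslashes, which is consistent with both "*svchost.exe" and "*\svchost.exe" being accepted in the thread; the `pattern_risk` labels and the sample paths are this example's own.

```python
r"""Why "*svchost.exe" is too loose an exclusion, and what the tighter
patterns from the post actually match.

Added example, not the project's own matcher. Assumptions: Exclusion.db
patterns are matched against the full image path, case-insensitively,
with "*" matching any run of characters including backslashes (consistent
with "*svchost.exe" and "*\svchost.exe" both being accepted in the thread).
If the real matcher differs, re-check the conclusions against it.
"""
import fnmatch
import re


def matches(pattern: str, image_path: str) -> bool:
    """Case-insensitive glob match of one exclusion pattern against a full path."""
    return fnmatch.fnmatchcase(image_path.lower(), pattern.lower())


def excluded_by(pattern: str, image_paths) -> list:
    """Every path in `image_paths` that `pattern` would silence."""
    return [p for p in image_paths if matches(pattern, p)]


_FULL_PATH = re.compile(r"^[A-Za-z]:\\[^*?]+$")   # drive-rooted, no wildcards


def pattern_risk(pattern: str) -> str:
    r"""Rough audit label for an exclusion pattern (this example's own scheme).

    full path : exact image path, excludes only that file
    basename  : "*\name.exe", excludes that file name in any directory
    loose     : any other wildcard form, e.g. "*name.exe", which also
                matches "123name.exe" as the developer pointed out
    """
    if _FULL_PATH.match(pattern):
        return "full path"
    if pattern.startswith("*\\") and "*" not in pattern[2:] and "?" not in pattern:
        return "basename"
    return "loose"


# Constructed image paths: two genuine svchost locations and two impostors.
OBSERVED = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\SysWOW64\svchost.exe",
    r"C:\Users\bob\AppData\Local\Temp\123svchost.exe",   # developer's example
    r"C:\Users\bob\AppData\Local\Temp\svchost.exe",      # exact-name masquerade
]

CANDIDATES = [
    r"*svchost.exe",                      # the form used in the posted list
    r"*\svchost.exe",                     # "at least" variant from the post
    r"C:\WINDOWS\System32\svchost.exe",   # full path from the post
]


def audit(patterns=CANDIDATES, observed=OBSERVED) -> dict:
    """Map each pattern to (risk label, paths it would exclude)."""
    return {p: (pattern_risk(p), excluded_by(p, observed)) for p in patterns}


if __name__ == "__main__":
    for pat, (risk, hits) in audit().items():
        print(f"{pat!r:40} {risk:10} excludes {len(hits)}:")
        for h in hits:
            print("    ", h)
```

Two caveats the run makes visible: "*\svchost.exe" is better than "*svchost.exe" but still hides a binary named svchost.exe dropped into Temp, so only the full path confines the exclusion to the real location; and the genuine 64-bit Windows has a second copy under SysWOW64, so a full-path entry for System32 alone will keep logging that one. A path exclusion also trusts the location, not the file, so it does nothing against a tampered binary at the excluded path.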
     
  19. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,699
    Location:
    Mexico
  20. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,563
    Thank you
    :thumb:
     
  21. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    742
    Location:
    Italy
    Fixed, you can re-download the zip file again (still v1.3).

     
  22. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,699
    Location:
    Mexico
    Thank you.

    Can I just overwrite ProcLoggerSvc.exe?
     
  23. novirusthanks

    novirusthanks Developer

    Joined:
    Nov 5, 2010
    Posts:
    742
    Location:
    Italy
    Yes, that is fine.
     
  24. mood

    mood Registered Member

    Joined:
    Oct 27, 2012
    Posts:
    2,563
    Now [Process Creation], [Process Termination], [Service Event] and the filename of the log file have a common datetime format :)
     
  25. Mister X

    Mister X Registered Member

    Joined:
    Aug 10, 2013
    Posts:
    2,699
    Location:
    Mexico
    Yes they have, I can confirm that.
     