Processes left open

Discussion in 'FirstDefense-ISR Forum' started by mike21, Aug 31, 2007.

Thread Status:
Not open for further replies.
  1. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Hi, I am a new user. After finishing copy/update screeshot the following processes remain open:

    msdtc.exe 4,968 K MS DTC console program Microsoft Corporation
    dllhost.exe 10,032 K COM Surrogate Microsoft Corporation
    dllhost.exe 5,312 K COM Surrogate Microsoft Corporation
    vssvc.exe 6,608 K Microsoft® Volume Shadow ... Microsoft Corporation

    Is this normal?

    Also can I anchor my desktop and my firefox profile, or it is not recommended?
     
  2. Huupi

    Huupi Registered Member

    Joined:
    Sep 2, 2006
    Posts:
    2,024
    what do you mean with left open ? With FDISR you can anchor almost anything,but don't anchor system files.All stuff anchored has to be in a seperate back up, because it exsist outside FDISR snapshots,also you can anchor your desktop which has to be in a backup also.
     
  3. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
  4. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    AFAIK, there is nothing wrong with these processes. If they are running, let them run and do their job.
     
  5. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Hi Mike ;)

    These processes are left open as the corresponding Windows services are started by FDISR whenever a copy/update is performed. FDISR uses these 4 services when updating a snapshot/archive -

    Untitled-1.jpg


    You can see from the screenshot that I keep all those services on "manual". FDISR starts them when needed. What you want to do is to manually stop those services after each updating (or reboot your PC) so they don't unnecessarily suck resources (RAM). Well at least that's what I do, as I don't update so often, so I don't need to have them running all the time.

    If you want to investigate further what are these services/processes exactly needed for, I will provide a few useful links:

    COM surrogate (COM+)

    Volume Shadow Copy service

    Distributed Transaction Cordinator

    These services are commonly used by backup utilities, so there's nothing to worry about. Of course, you could find some better links for further reading (by googling the services), this is just to give you some insight.

    Cheers.
     
  6. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    thanks for the explanation, I manually killed the processes after each update, but it seemed strange to me why they remained active, shouldn't they close after finish updating snaposhot? But its not so important. Also everytime I boot to any other snapshot than the active, I am getting popups from KIS that "the executable file has been changed" as TonyW describes in an older thread
    Not constant popus but when I first launch a program.
     
  7. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Set all the FDISR stuff to trusted in KIS and hopefully that should stop the pop up's
     
  8. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Yes, MS Sofware Shadow Copy and Volume Shadow Copy will stop after a few minutes. COM+ and DTC remain open as they have other purposes other than backup/update. Have some read on the links I provided.

    As for KIS, I don't use it (never had), so I am not sure why it detects a changed executable. Possibly something with the way KIS handles file hashes (or paths) in different snapshots. Pete's suggestion sounds reasonable though.
     
  9. mike21

    mike21 Registered Member

    Joined:
    Jun 1, 2006
    Posts:
    416
    Sorry for not mentioning before, I have already added the 1stdefense process and 1stdefense management to the trusted applications list.

    Its not a big problem as the "executable file has changed" pops up the first time I launch each program and not always.

    What a program though, I have made tens of installations already and reverted them back and it works exactly as you said in another thread.

    Edit: I just thought that the popups could be because in both snapshots KIS was not installed, i.e. both snapshots were made after clean installation of windows and a couple of programs only, but KIS was installed afterwards.
    I am not sure about that but I will try it and revert on Monday.

    Its exactly as you said.
     
    Last edited: Sep 1, 2007
Thread Status:
Not open for further replies.