Processguard block and not log?

Discussion in 'ProcessGuard' started by Jan J, Nov 15, 2006.

Thread Status:
Not open for further replies.
  1. Jan J

    Jan J Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    22
    Location:
    Skokie, Illinois
    Just got over an interesting issue....
    Though nothing was logged Processguard was causing a software install program, and then the program it installed (After PG was disabled) to halt with the only message being "Invalid Handle".

    Scanned logs, and nothing was found to cause this in PG, so I beat my head against a wall for a while longer, until I decided to turn stuff off. It was PG, and disabling it worked...

    Later on, (at someone else's suggestion I'm sorry to say), I tried Learning mode, and ran the programs again.

    Now All seems fine... o_O??

    Have you ever encountered an issue like this?

    Can you provide insight as to what "Invalid Handle" means?

    Thanks!! Keep up the good work!!!
     
  2. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I can create that error with PG. I have IE on a tight leash. It has to ask permission to start each time. If I deny permission on the PG pop-up, I get the handle is invalid error. In your case, since you didn't have PG on learning mode, it stopped your newly installed program from running. That's normal behavior for PG. You needed to let it learn that the new program was acceptable.

    I'm sure someone with more detailed knowledge of Windows can give you the technical definition of that error. I don't want to attempt it...I know sort of but explaining it ...well, I'm too tired and sleepy and I'm sure others can explain better I can anyhow.
     
  3. Jan J

    Jan J Registered Member

    Joined:
    Dec 3, 2005
    Posts:
    22
    Location:
    Skokie, Illinois
    Well, that's what happened.... I've had situations where this didn't occur, though... I checked the log, didn't see anything, so thought the error was elsewhere....

    Oh well, live & learn!!! Thanks!
     
  4. controler

    controler Guest

    Hi Jan

    How have you been old friend?

    Do you guys get an error code with the exception? you could then type that in at Windows dot com to find an answer.
    Jan are you still using XP? If so were you saying you did look at windows error logs , admin tools event viewer.


    controler
     
  5. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    It doesn't show up in event viewer...at least not IE one. IE has a log in event viewer that has never had anything in it ...why I don't know. But I would have expected it to show in applications log and I have never seen it there.
     
  6. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    This is what happens when a process is started via CreateProcess and FAILS

    Block new & changed programs should not be turned on - thats could have been the problem in this case (either that or manually saying NO for it to start).

    For PG to really be disabled the interface must show it in status - SECURE before you disable and then DISABLED shown. When disabled is shown the driver has definitely been updated with the settings, and will not be active AT ALL, so cannot cause a program to not run, giving your messagebox "handle is invalid"

    Perhaps it was not actually disabled.. or block new & changed was on
     
Thread Status:
Not open for further replies.