Question before installing

Discussion in 'ProcessGuard' started by gracie123, Jan 18, 2006.

Thread Status:
Not open for further replies.
  1. gracie123

    gracie123 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    397
    Hello,

    I've just got done reformatting my PC and I am in the middle of installing all the programs I use. I have Windows XP. I fell into trouble when I failed to let "Learning mode" be enabled and do its thing and in turn... I started seeing things in the log that said about "ctfmon.exe" doing things and it happened probably because I enabled Global Hook protection and the other protection without ever doing once a "Learning mode" session for my computer, running all my programs.

    Could this be the reason?

    Gracie
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Maybe it's just me. But I don't understand what you're saying. In general yes. But not specifically. The language seems convoluted.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Yes. Get a clean system set up the way you want. Then install PG and let it run in Learning Mode. At the least run anything and everything that connects to the net. Then do several reboots, and turn learning mode off (it should be off). From then on you can respond as other programs prompt you. As a rule, if you trust the program, let it do what it wants.

    Pete
     
  4. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Gracie, I suggest you not enable all global protections if you're reinstalling all your programs after a format ... Or, as a minimum, be sure to leave it in learning mode!!

    I don't understand the meaning of your quote either o_O , but you can allow global hook for ctfmon.exe, or disable ctfmon.exe from Windows startup (it's quite useless), with msconfig for instance. :)

    Cheers,
    nic
     
  5. gracie123

    gracie123 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    397
    Hi everyone.. thanks for replying to my concerns. The above is exactly the answer I was hoping to hear.. basically for those who didn't understand: I was wondering if I should do what Pete said above but I was in a hurry at the time of my post because I had some stuff going on in real life.

    Just a thought... do I enable all the things listed under protection after several reboots?

    Thanks Pete and everyone who considered helping me. :)

    Gracie
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Gracie

    They should already be enabled. If you run everything thru learning mode, and then turn it off you will be in pretty good shape. True, you can tweak settings and fine tune your protection, but if you just use what learning mode set you will be well protected. That should be adequate unless you are operating in the highest risk areas.

    Pete
     
  7. gracie123

    gracie123 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    397
    Hi Pete,

    I appreciate your time in helping me with ProcessGuard.

    I am about to install ProcessGuard soon... so now when the computer comes back up... check the Global Hooks protection and others while PG is in Learning Mode and I should not have any problem? I am just asking because with ctfmon.exe it tried to do something where PG blocked. I then reformatted this morning.

    So since it is known to me that ctfmon.exe or cftmon.exe (whichever it is, hope you know) requires something to do with the protection of Global Hooks.. will I run into trouble upon a reboot of the computer or No because even though Global Hook protection is checkmarked like the other settings... as long as I take advantage of the Learning Mode in PG, it will configure the ctfmon.exe and others correctly even if they do one or more of the things that are the extra security settings that you get in the Full version of PG?

    I hope that makes sense.. trying my best to make it easy to understand :).

    Thank you! I'd appreciate a response back from Pete or anybody who's willing to lend a hand :)

    Gracie
     
  8. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Gracie, I hope you didn't format only because of this ctfmon stuff :eek: . There is little chance that you really need it running, and if you don't, just get rid of it: click on Start, Run, type "msconfig", and look in startup for the ctfmon entry... uncheck its box, reboot when you get a prompt to do so: no ctfmon.exe running and prompting in Process Guard anymore :) .

    nic
     
  9. gracie123

    gracie123 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    397
    Hi nic,

    Well I did :oops: but I wish I could have just done what you said sooner and I wouldn't have had to. But however, I suppose I would have because I have a program installed that came with the USB card that I use to connect to the Internet with. The brand is Linksys.

    This program is perfectly fine... it replaces the Windows XP Wireless Configuration but you can switch at anytime... it shows. Personally, I like the Linksys program better.

    But upon startup of the computer it tried to install drivers and services, tried to modify protected applications and read from protected applications.

    What options do I need to check or what can I do to not run into this trouble? Will running ProcessGuard in Learning Mode configure the settings for the Linksys program based on what it needs to do? If not, can you tell me or someone tell me what options do I need to choose according to the above things that happened when I didn't go through learning mode and as the computer started back up.....

    Thank you!!

    Gracie
     
  10. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Ok, as Peter2150 said, you should have installed PG only after setting up your system. Now that it is installed, you should disable its protection (if you still have other programs to install): in the main panel, uncheck the four "global protection options" (protect physical memory, block global hooks, block rootkit/driver/services installation, and block registry dll injection), then uncheck "Protection enabled", in Protection settings.

    You tried to install your router/modem (the Linksys box), and that didn't work because you didn't release PG protections - did you? I mean, did you allow every event in the prompts?

    If the router doesn't work, you should maybe uninstall it, and reinstall with PG disabled; or as a minimum, with the four "global protection options" unchecked, especially block rootkit/driver/services installation (your router won't work if you block its drivers!), and in learning mode.

    Once you've installed your most important programs (antivirus, firewall, ...), it's time to re-enable PG, and leave it in learning mode; you run all your programs, so that PG can "learn" about them, and quit learning mode after several reboots.

    Then at this stage you'll be able to play around with PG settings :). For now (I mean during a Windows reinstall), it's wiser to bypass it, or you'll mess up all your program installations if you don't manage to reply to the prompts.

    Cheers,
    nicM
     
  11. gracie123

    gracie123 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    397
    Hi nic,

    Okay I read your reply. Thank you! Now, since PG is in learning mode (all programs have been installed before I installed PG) do I check "Install drivers and services" for the Linksys program? (program that allows me to connect to the router thru a USB card connected to this computer).

    Also, Yahoo! Messenger was saying before that it needed Global Hook permissions and being that I failed to go in Learning Mode BEFORE, I think that's why I had the problems I did before the reformat.

    Now, because ProcessGuard will go out of Learning Mode after several reboots do I check Install drivers and Services for the router program and also check Install global hooks for Yahoo! Messenger or what do I do?

    Thank you - any help appreciated :)

    Gracie
     
  12. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi Gracie,

    Ahaaahh, I didn't understand that.

    YES!!!! But that means you still have the 4 global protection options enabled. Whatever, check the prompts for Linksys (driver, etc).

    Hm, I did install it 1-2 months ago, but I don't remember if it asked for global hook. But the answer is probably YES here too, if it does ask for it.

    Cheers,
    nicM
     
  13. gracie123

    gracie123 Registered Member

    Joined:
    Aug 4, 2005
    Posts:
    397
    Hello nicM,

    OK so I chose Install Global Hooks for Yahoo! Messenger and also chose Install drivers/services because Yahoo! has an "autoupdater" I think.


    On the Linksys program, I have checked: Install global hooks and Install drivers/services.

    So my question is: Is the above what I should have checked? AND, if I check the 4 security settings: Protect Physical Memory, Block Global Hooks, Block rootkit/driver/service installation, Block registry dll injection.. will this cause conflicts with what I have done above?

    Thanks,

    Gracie
     
  14. nicM

    nicM nico-nico

    Joined:
    Jul 15, 2004
    Posts:
    631
    Location:
    France
    Hi Gracie, I'm not sure that Yahoo needs the install driver/service flag, but maybe I didn't get this alert because when I installed it, I removed it - Ypager - from startup as soon as it was installed (indeed I don't like this kind of program to keep starting with Windows, and it works just as well if you start it later). I wouldn't allow it driver/service install, unless Yahoo can't work without it.

    It should be OK for the Linksys router. Checking these 4 protection options shouldn't conflict with these two programs, if you gave them the allow flags they need (as giving them Global hook and driver/service flags, you won't get prompts when they do, they're somewhat allowed to "bypass" these protections. That's the reason why you should give these "allow" flags carefully :shifty: ).

    Cheers :)
    nicM
     
  15. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    My opinion is that Learning Mode is worthless. Don't bother with it. It will NEVER turn itself off and who is going to run 200 programs just so PG can learn? How absurd. You will have to run in Learning Mode forever or just let PG prompt on everything and you allow or disallow. I used Learning Mode and it is worthless as PG does not learn. I don't know why PG has it. Plus, no one is going to reboot several times, not on XP, as one main reason for using XP instead of 98SE is that you don't have to reboot except on Microsoft Tuesdays or when installing applications that require a reboot.

    I NEVER turn PG off even during installs of new applications. I simply answer all prompts. I still, of course, have PG screw up a LOT of programs because there is NO way to predict what needs global hooks, etc. or when this will happen. Perhaps, for instance, you ran a program during Learning Mode. PG has learned about that program's needs you think to yourself. Not so! You probably didn't run every single aspect of the application. So, one day you run that application and run a part of it that needs access to physical memory. PG blocks it silently (no popups because I have Windows balloon junk disabled in the registry) and I can't figure out why the application doesn't do something I vaguely thought I recalled it could do. Later, I see the tray icon is red and figure out what happened. PG should popup in the middle of the screen when it blocks ...not use balloons which are so cartoonish that many turn that off in the registry.
    Plus, you cannot know, except by trial and error, what you must allow to have access to physical memory and global hooks and what you can deny even though you will be bugged repeatedly by PG blocking say Explorer asking for global hooks. You deny and then if something doesn't work....try enabling global hooking for Explorer or whatever. The only way to use PG is to resign yourself to a great number of prompts that you allow or don't.
     