sanasecurity Attack Shield and ProcessGuard

Discussion in 'ProcessGuard' started by wayne_b, Dec 7, 2005.

Thread Status:
Not open for further replies.
  1. wayne_b

    wayne_b Registered Member

    Joined:
    May 29, 2004
    Posts:
    56
    Issues regarding AttackShield WS version 2.0.0 and ProcessGuard 3.150 Full Version

    Attack Shield shuts down Windows with ProcessGuard installed

    Steps taken....
    Disabling Attack Shield WS (attackshieldagent.exe disabled in process manager), then installing Process Guard (running in Learning Mode). Re-enabling Attack Shield WS, continuing in Learning Mode; upon computer restart, Attack Shield shuts down Windows (with PG in Learning Mode).

    Uninstalling Attack Shield, then re-installing Attack Shield (after PG is installed), Attack Shield still shuts down Windows.

    Giving attackshieldagent.exe special rights "install global hooks", "install drivers/services", "access physical memory", Attack Shield still shuts down Windows.

    All unchecked under "Global Protection Option"

    Two files Attack Shield requires - attackshield.exe (GUI - resides in the start menu) and attackshieldagent.exe (services)

    I am including the dump file

    AttackShield website - http://www.sanasecurity.com/

    -wayne
     


  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi, Wayne_b,
    I had a look at the dump file/website, and it sounds like a conflict with the memory usage or something like that (I'm not a computer geek so I might just be pointing out the obvious here, forgive me if I am). Also the dump file mentions an 'AttackShieldDriver.Sys'; you only mention 'attackshield.exe' and 'attackshieldagent.exe'. I assume you know about the driver.
    It could be that they're incompatible; the website says Attack Shield monitors the memory for suspicious behaviour, so it might see PG as a threat, though why it causes a computer shutdown I couldn't say. That's about all my little brain can handle at the mo (haven't had much sleep). I hope I'm on the right track and someone else will pick up where I left off.

    Keep us informed though, won't ya!!
     
  3. wayne_b

    wayne_b Registered Member

    Joined:
    May 29, 2004
    Posts:
    56
    Hi Tony,

    Yes, I know about "AttackShieldDriver.Sys"; it resides in the Attack Shield program folder. Thanks for bringing it to my attention, since I didn't mention it above.

    "Keep us informed though, won't ya!!"
    You bet :)

    -wayne
     
  4. wayne_b

    wayne_b Registered Member

    Joined:
    May 29, 2004
    Posts:
    56
    Both files are located in the Attack Shield folder

    AttackShieldShim.sys = Shim Loader Driver
    AttackShieldDriver.Sys = AttackShield Tracer Driver

    Attack Shield is using an executable file I am unable to locate (under normal search), "ss.exe", per "pglog". The only reference to "ss.exe" is located in the prefetch folder.


    Wed 07 - 15:24:32 [EXECUTION] "c:\program files\sana security\attack shield\ss.exe" was allowed to run
    [EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
    [EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\ss.exe" 1djdsno6c58imierfs6s ]
    Wed 07 - 15:24:37 [EXECUTION] "c:\program files\sana security\attack shield\installer.exe" was allowed to run
    [EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
    [EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\installer.exe" install "c:\program files\sana security\attack shield\attackshielddriver.sys" 0 0 ]
    Wed 07 - 15:24:39 [EXECUTION] "c:\program files\sana security\attack shield\installer.exe" was allowed to run
    [EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
    [EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\installer.exe" install "c:\program files\sana security\attack shield\attackshieldshim.sys" 1 1 ]
    Wed 07 - 15:24:47 [EXECUTION] "c:\program files\sana security\attack shield\attackshieldagent.exe" was allowed to run
    [EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
    [EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\attackshieldagent.exe" -i ]
    Wed 07 - 15:24:52 [EXECUTION] "c:\program files\sana security\attack shield\attackshieldagent.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\services.exe" [440]
    [EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\attackshieldagent.exe" ]
    Wed 07 - 15:25:01 [EXECUTION] "c:\program files\sana security\attack shield\attackshield.exe" was allowed to run
    [EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
    [EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\attackshield.exe" ]
    Wed 07 - 15:27:25 [EXECUTION] "c:\windows\system32\imapi.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\services.exe" [440]
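
An added example, not part of the original posts and not DiamondCS or Sana Security code: a small Python parser for the [EXECUTION] records in the pglog excerpt above. It lists the driver files named on a command line and which parent started each image. The record layout is inferred only from the lines quoted in this thread, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Four records copied from the pglog excerpt in the post above.
SAMPLE = r'''
Wed 07 - 15:24:32 [EXECUTION] "c:\program files\sana security\attack shield\ss.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\ss.exe" 1djdsno6c58imierfs6s ]
Wed 07 - 15:24:37 [EXECUTION] "c:\program files\sana security\attack shield\installer.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\common~1\instal~1\driver\10\intel3~1\idriver.exe" [1664]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\installer.exe" install "c:\program files\sana security\attack shield\attackshielddriver.sys" 0 0 ]
Wed 07 - 15:24:52 [EXECUTION] "c:\program files\sana security\attack shield\attackshieldagent.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\services.exe" [440]
[EXECUTION] Commandline - [ "c:\program files\sana security\attack shield\attackshieldagent.exe" ]
Wed 07 - 15:27:25 [EXECUTION] "c:\windows\system32\imapi.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\services.exe" [440]
'''

HEAD = re.compile(r'^(\w{3} \d{2} - [\d:]{8}) \[EXECUTION\] "([^"]+)" was (.+)$')
PARENT = re.compile(r'^\[EXECUTION\] Started by "([^"]+)" \[(\d+)\]$')
CMD = re.compile(r'^\[EXECUTION\] Commandline - \[ (.*) \]$')
SYS_ARG = re.compile(r'"([^"]+\.sys)"', re.IGNORECASE)

def parse_pglog(text):
    """Group the 2- or 3-line [EXECUTION] records into dicts."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()  # the forum rendering indents every line
        if m := HEAD.match(line):
            entries.append({"time": m[1], "image": m[2], "verdict": m[3],
                            "parent": None, "ppid": None, "cmdline": None})
        elif entries and (m := PARENT.match(line)):
            entries[-1].update(parent=m[1], ppid=int(m[2]))
        elif entries and (m := CMD.match(line)):
            entries[-1]["cmdline"] = m[1]  # some records (imapi.exe) have none
    return entries

def driver_installs(entries):
    """(time, driver path, launcher) for each .sys file named on a command line."""
    return [(e["time"], d, e["parent"]) for e in entries
            for d in SYS_ARG.findall(e["cmdline"] or "")]

def launchers(entries):
    """Map each executed image's file name to the parents that started it."""
    out = defaultdict(set)
    for e in entries:
        out[e["image"].rsplit("\\", 1)[-1]].add((e["parent"] or "?").rsplit("\\", 1)[-1])
    return dict(out)
```

Run over these records, `launchers` shows ss.exe started only by idriver.exe, while attackshieldagent.exe is started by services.exe.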
     
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    So it BSODs or reboots the machine without a BSOD?

    I can't see a demo download, but this isn't a PG problem - it's an Attack Shield problem. Their support will need to reproduce a crash and debug the problem.

     
  6. wayne_b

    wayne_b Registered Member

    Joined:
    May 29, 2004
    Posts:
    56
    Hi Gavin,

    When Attack Shield protects the OS (when triggered) it gives the BSOD, normal for this application.

    My problem is I am unable to run PG without triggering Attack Shield, thus in hopes someone could shed some light on getting Attack Shield to play nice with PG. I will take it up with Sana Security.

    Thanks

    -wayne
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    OK, thanks for clarifying! Is there a download?

    If not, they may need to send us a copy when requesting help, they can contact us of course for anything they might want to know to resolve this easily. It might need some interaction between us.
     
  8. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,719
    Hi Fellas,

    I also have Attack Shield WS and it's not compatible with ZA or Kav, just in case someone was going to install with these programs.

    Rilla927
     