Services.exe trying to terminate vsmon.exe

Hello,
I have been getting the following warning once or twice a day at random times for several weeks now.

---Process Guard Log Started---
Wed 01 - 11:45:11 [TERMINATE] c:\windows\system32\services.exe [452] was blocked from terminating c:\windows\system32\zonelabs\vsmon.exe [1344]

---Process Guard Log Started---
Thu 02 - 15:10:29 [TERMINATE] c:\windows\system32\services.exe [456] was blocked from terminating c:\windows\system32\zonelabs\vsmon.exe [1340]

If legit, why would services be trying to shut down my firewall? Thanks for any help.

 

I am not a Microsoft Operating System expert, but you may have a trojan masquarading as services.exe. Trojans are known to try to shut down firewalls so that they can communicate without your knowledge.

http://www.processlibrary.com/directory/files/services/
http://www.neuber.com/taskmanager/process/services.exe.html

 

Update - I turned my system inside out, looking for maleware and "found" none. Suspecting some type of update conflict, I loaded a pre-error backup image and the 20+windows updates - nothing. I then updated my AV and Zone Alarm -Bang- the fault started. Uninstall ZA and reinstall with PG disabled, problem solved. It seems ZA has a new auto update feature.

Should ZA be left to its own defense(it is somewhat
"hardened") or can I configure PG to somehow allow it to properly update unattended ?
Thanks for any help

 

Yes, ZA does have a new auto-update feature; but on my system (I'm using ZAP) this is done through updclient.exe, not vsmon.exe.

On my system I have not experienced these problems, I have services.exe set in the Protection tab to be authorised to 'terminate' so it would not be blocked by PG from doing so.

Have you tried putting PG into learning mode while you run manual updates with ZA? In ZAP you can update via the spyware section and also in 'Overview'/'Preferences'/'Check for update'; these are two different types of update but they should both run updclient.exe. It's probably best to do them both. This will set-up PG to correctly handle ZA updates. But I really don't know why services.exe would try to terminate vsmon.exe since this is not involved; however services.exe should be given termination rights as I say.

If you are running ZAP/ZASS you would also need to allow patch.exe to have permission to 'always' run; this only kicks in with a spyware update when one is available and downloaded.

 

It's not clear to me if you are now using ZA, or if you're a former user and have uninstalled ZA but vsmon wasn't deleted during the uninstall.

 

If you are speaking of member whoman....they re-installed ZA "with PG disabled" and everything was fine.

Bubba

 

Bubba- Yes, thanks for explaining.

 

it looks like you have two options, either give "services" permission to terminate "vsmon" or else turn off zone alarm's auto-updating.. if it was me, i would try to turn off the auto-updating..