Hello Could Anybody explain me what "winmgmt.exe -resyncperf 912" does mean? Another courious thing is that before loging into my windows 2000 process guard advert me to run an idle process dated 1601 And lastly sometimes PG advert me that a program has changed only in his md5 what are the possible causes?? thank very much pd: One idea could be to have and import list of common programs with the correct protection
Concerning winmgmt.exe, this should help: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/winmgmt.asp Windows Management Instrumentation can be disabled using the Services control panel. System Idle Process is defined here: http://www.dslreports.com/faq/7481 The PID (process ID) of System Idle Process should be 0, not 1601. Posting your PG log would be helpful. Nick
Hi didacbr74 & welcome, The reason that the MD5 checksum has changed is probably due to an update, for instance if you use TDS3 and do regular updates dcsmutex.exe changes quite often as part of the update, so the next time you do a mutex scan Process Guard will advise that the program has changed. Windows update can also changes many .exe's If you know you have done an update then expect to see a checksum change, if however, you know that nothing should have changed then block it and report here. The default list (wizard when PG first installed) covers the main windows files, every system is different so no complete list is possible, having said that you will find many programmes mentioned in this forum with peoples settings. Hope this helps. Pilli
-resyncperf sounds like a command switch for Windows Management, to resyncronise some performance data it stores ? never had to play with it before, but it sure seems normal Windows Management is one of those things most people never realise is there, working away trying to keep the OS working smoothly
