spysweeper modifying....OK?

Discussion in 'ProcessGuard' started by Ean, Feb 24, 2005.

Thread Status:
Not open for further replies.
  1. Ean

    Ean Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    23
    Location:
    LA, CA
    Hi All, newish user here. Just did a fresh install of Win2000 with all the DCS utilities and ZoneAlarm for firewall and AV. To this I just added MS anti-spy (AS) and SpySweeper. Now when the system starts up, I get SpySweeper giving multiple alerts on Process Guard (PG) that it is trying to modify all kinds of things (snip of PG log below from after fresh boot).

    Can someone tell me if they have seen that before, and if there is some good reason SpySweeper SHOULD be giving modify access to all these? Or what might be going on?

    MS AS and SpySweeper seem to get the best anti-spy reviews, so I find it hard to believe SpySweeper would be such a blatant violator of these other processes.....but then again maybe programmers know of some good reason this would occur....

    Ean

    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\smss.exe [180]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\csrss.exe [204]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\winlogon.exe [200]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\services.exe [252]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\lsass.exe [264]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\svchost.exe [432]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\spoolsv.exe [468]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\program files\processguard\dcsuserprot.exe [520]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\svchost.exe [544]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\stisvc.exe [588]
    Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\wbem\winmgmt.exe [680]
    Thu 24 - 06:04:04 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\explorer.exe [932]
    Thu 24 - 06:04:04 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\program files\lavasoft\ad-aware se plus\ad-watch.exe [1040]
    Thu 24 - 06:04:04 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\program files\processguard\pgaccount.exe [1048]
    Thu 24 - 06:04:04 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\program files\logitech\mouseware\system\em_exec.exe [1068]
    Thu 24 - 06:04:04 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\program files\trillian\trilnetdetect.exe [1072]
    Thu 24 - 06:04:04 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\program files\spybot - search & destroy\teatimer.exe [1088]
    Thu 24 - 06:04:04 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\program files\processguard\procguard.exe [1128]
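
One way to triage a log like the one in the post above, as an added example that is not part of the original thread or of ProcessGuard: it parses the [MODIFY] lines, groups them by source process and PID, and flags a source that was blocked against many distinct targets within a few seconds. The function names and both thresholds are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Format of the [MODIFY] lines in the ProcessGuard log posted above.
LINE_RE = re.compile(
    r"^(?P<day>\w{3} \d{1,2}) - (?P<time>\d{2}:\d{2}:\d{2}) \[MODIFY\] "
    r"(?P<src>.+?) \[(?P<spid>\d+)\] was blocked from modifying "
    r"(?P<dst>.+?) \[(?P<dpid>\d+)\]$"
)

def seconds(hms):
    h, m, s = map(int, hms.split(":"))
    return h * 3600 + m * 60 + s

def summarize(log_text, sweep_targets=4, sweep_window=5):
    """Group blocked MODIFY events by source process and flag blanket sweeps.
    sweep_targets / sweep_window are illustrative thresholds, not PG settings."""
    by_src = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:  # ignore anything that is not a blocked-MODIFY line
            by_src[(m["src"], int(m["spid"]))].append(
                (seconds(m["time"]), m["dst"], int(m["dpid"])))
    report = {}
    for key, events in by_src.items():
        times = [t for t, _, _ in events]
        # Same image can run as several processes (svchost.exe), so key on PID too.
        targets = {(dst, pid) for _, dst, pid in events}
        span = max(times) - min(times)
        report[key] = {
            "targets": len(targets),
            "span_s": span,
            "touches_pg": sorted({d for d, _ in targets if "\\processguard\\" in d}),
            "sweep": len(targets) >= sweep_targets and span <= sweep_window,
        }
    return report

# Six lines copied from the log in the post above.
SAMPLE = r"""
Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\smss.exe [180]
Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\svchost.exe [432]
Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\program files\processguard\dcsuserprot.exe [520]
Thu 24 - 06:04:03 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\system32\svchost.exe [544]
Thu 24 - 06:04:04 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\winnt\explorer.exe [932]
Thu 24 - 06:04:04 [MODIFY] c:\program files\webroot\spy sweeper\spysweeper.exe [1216] was blocked from modifying c:\program files\processguard\procguard.exe [1128]
"""

if __name__ == "__main__":
    for (src, pid), info in summarize(SAMPLE).items():
        print(src, pid, info)
```

A single source PID blocked against every running process inside a second or two is a blanket sweep rather than a targeted change; whether to authorize it still depends on trusting the program and where it came from.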
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Ean, give SpySweeper the "allow modification" flag, providing it is a trusted application from a trusted source and is probably injecting a .dll to do its job correctly, so do not get too worried about it.

    HTH Pilli
     
  3. Ean

    Ean Registered Member

    Thanks Pilli,

    Not getting "worried" too much, but just trying to get up to speed on how things work. :)
    Now, by "allow modify flag", you mean under the "protection" tab of PG, and then below where it says "authorize this app" and the checkbox for "modify protected apps"?? Because when I just went there, I see that IS already checked!

    Oh, I should add also that I am still on my Eval version (I am working out my PayPal right now to BUY all my DCS utilities! :)). Is it possible that is preventing me from getting spysweeper set right?

    Also, I don't see SpySweeper in the PG apps database....odd since I only FOUND SpySweeper from a link here in the forums somewhere that showed a study done at a Univ in IL that compared a large number of Anti-spy's and had SpySweeper #2 behind MS's new one (formerly Giant).

    **more info added**
    I also just got my Port Explorer going, and notice that SpySweeper shows with 2 entries in RED (which is sometimes a not-cool thing, as I understand it). I put the PE socket spy on it and it sent out some reasonable looking request an hour ago, but seems to have just left the connection and listening there.
     
    Last edited: Feb 24, 2005
  4. Pilli

    Pilli Registered Member

    Hi Ean,
    Yes, those functions are disabled in the trial:
    Trial:
    Control application execution
    Protect applications from unwanted termination
    Protect applications from unwanted modification & injection
    Protect applications from unwanted viewing
    Full:
    Block new and changed programs
    Protect physical memory (prevent operating system vulnerabilities)
    Block Global Hooks (stops keyloggers and password stealers)
    Block unwanted driver/service installation (stops rootkit trojans)
    Block registry DLL injection (stops spyware such as CoolWebSearch)
    Secure Message Handling (protects applications from messages)
    Interface Lock (protects from malicious changes and other users)
    FREE technical support

    Pilli
     