Startup Problem Persists With PG 1.3

Discussion in 'ProcessGuard' started by spm, Feb 9, 2004.

Thread Status:
Not open for further replies.
  1. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    For me, the startup problem with procguard.exe (failing to connect to the kernel mode driver) persists with PG 1.3. Very disappointing.
     
  2. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Hi Steve,
    Did you completely uninstall the older version and then reboot before installing v1.3?
    Also please check in the registry HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\procguard, there's a Start key in there - its value should be 2 (for Automatic).
     
  3. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Wayne: Yes, I disabled protection, terminated pg_msgprot.exe, uninstalled, removed all registry references to procguard (incl. the legacy drivers) and rebooted before reinstalling. I have done that twice now.

    The Start key does have the value 2.

    Problem persists.
     
  4. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    I haven't installed 1.300 yet, but I did notice that the problem was persistent in all earlier versions on my PC after any install or operation in which some housekeeping occurred after any reboot.

    Do you see this behavior on all reboots or is it intermittent and generally after some maintenance?

    Blue
     
  5. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Blue: Yes, the behaviour is persistent for all reboots, irrespective of whether there has been other housekeeping (which there has not been - apart from PG reinstalls - for some time).
     
  6. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Another issue which comes to mind: given the prevalence of this issue in particular with earlier versions, at least, of PG I am surprised there is no inherent debug tracing facility built into PG that could help DiamondCS track down faults.
     
  7. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Steve, What is your operating system and PC specification please?
     
  8. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    As per my previous postings on this matter:

    The machine is a Pentium 300MHz, 128Mb memory, 45Gb hard drive, and runs as an internet gateway for a small office environment, with firewall, A/V, mail server.

    It is running WinXP Pro, with SP-1.
     
  9. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Well this is disappointing. Could you please provide a screenshot of Process Guard directly after starting up with this error, after you have clicked on the "Ok" messagebox that is. I need to be able to see the Window log.

    -Jason-
     
  10. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Jason: Screen shot attached.
     

    Attached Files:

    • pg.gif (File size: 17.5 KB)
  11. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Steve, That is not a "Cannot attach to the kernel error" but a "Cannot Open" error, not sure what the difference is but Jason did mention it when we were beta testing so maybe he will have a solution for you in a few hours:)
    I am wondering whether the procguard.sys driver has started?
     
  12. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    Pilli: My mistake - I didn't look carefully enough at the error message. Sorry.

    That said, the problem remains.

    I presume the procguard.sys driver does start (though maybe not before procguard.exe?), as protection seems to be working.
     
  13. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Yes the driver should start very early on boot up, then pg_msprot.exe finally Procguard.exe from the startup folder.
    Look in the reg for "Process Guard" rather than procguard and see if there is not a run key still hiding in there somewhere.
     
  14. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    No, I have no other run key for Process Guard - indeed, I use a startup manager which shows me all startup-related programs, and there is only one for PG.

    A registry search for "Process Guard" shows nothing of interest.
     
  15. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    I'm getting the same "Could not open" error with 1.3 on a P4 2.6 gh (Windows XP Pro) - so I've removed PG from startup again.
     
  16. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hmm, Looks like we need to wait for Jason - 4 am in Perth at the moment.
     
  17. Joop

    Joop Registered Member

    Joined:
    May 5, 2002
    Posts:
    8
    Location:
    Holland ( near Arnhem )
    Hoping the new PG 1.3 would solve my BSOD during startup I uninstalled the old one shutting down all options being sure of all files gone, and rebooted.
    Installed the new version rebooted again, then opened all options and running fine.
    Rebooted again and there's my nice BSOD again.
    After going to safemode and unchecking Block Global Hooks there I rebooted again to see PG in all her glory again.
    Seems Global Hooks protection does something to my system that makes it crash.
    Could it be possible to show you which hooks are made, without blocking them, so you can block them one by one?
    PG runs fine with all protections enabled when Windows runs.

    Joop
     
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Joop, Just for reference would you please state your OS & cpu?
    Jason will be back on in a few hours and may have some answers.

    Thanks. Pilli :)
     
  19. Joop

    Joop Registered Member

    Joined:
    May 5, 2002
    Posts:
    8
    Location:
    Holland ( near Arnhem )
    He's got all info already from the last time.....
    But for everyone's info:
    OS : Win XP home all updates
    CPU : intel P4 3Ghz hypertr.
    running security's : wormguard/ sophos/ Sysgate 5.5
    Net : ADSL 4096/640 on Alcatel USB modem

    I think if Jason needs more he can contact me :)

    TDS runs only when needed
     
  20. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    I know the HyperThreading being the cause of BSOD too with the firewall Look'n'Stop, maybe it is also the case for PG, it might be a clue.
     
  21. Joop

    Joop Registered Member

    Joined:
    May 5, 2002
    Posts:
    8
    Location:
    Holland ( near Arnhem )
    Could be an idea.... never looked at it that way.
    Until now no program misbehaved here but one has to be the first.

    Goodnight..time to prepare for tomorrow's day :)
     
  22. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,039
    :eek: :D BINGO!!!! :D :eek:

    GKWEB.. I know you'd have the answer even if you didn't. I have been going nuts, and driving Jason nuts.
    PG 1.2 just wouldn't work with the 2 new protections. Block Driver messed up AOL, had to turn it off. Global Hooks, caused some nasty crashes. Just couldn't use them.

    Installed 1.3 this morning and everything seemed stable until I added a couple of programs, and crash we did. After that it has been hell. If I didn't totally disable PG, I would crash on log in when the gui started. If I turned the machine off, I would crash right after the bios, and then was okay. I even did a clean uninstall, and reinstall, and it was the same. Crash city.

    Saw GKWEB's post, and remember I'd never gotten Look,N,Stop to run on this machine. I just turned off Hyperthreading, and voila. NO CRASHES. Yippee!!!

    I think the problem is solved for me. Wonder if there is something that Jason can do to make it work with Hyperthreading. Also wonder if we care?? Ideas??
     
  23. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    wow :eek:

    I was far from believing that I was so close :)

    For sure this will help DCS ;)

    BTW I am happy that all works fine for you now.
     
  24. tech-addict

    tech-addict Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    71
    Well I have the same problem on my laptop again... :(

    The old message with 1.2 was:
    "Error: 2. Process Guard could not attach to kernel-mode driver. Please make sure Process Guard is installed properly before continuing."

    Now with 1.3 it is:
    "Error: 2. Process Guard could not open kernel-mode driver. Please make sure Process Guard is installed properly before continuing."

    Seems to me it's the same error (open / attach) just renamed :p

    My laptop is running XP Home SP1 + all updates
    it's a Compaq PIII-m 1.2 GHz with 512MB ram
    My security software is ZoneAlarm Pro v4.5.538.000, BO Clean, Symantec AV.
    all up to date.

    I did a complete uninstall, reboot, install... reboot got error, added default protections reboot, no error (was thinking it was fixed) added BO Clean and SAV to protection list, reboot ok (was happy) shut down system, waited 5 minutes and then started system and the error was back :eek:

    Have tried all types of different settings, bootvis, defrag, etc... Still the error persists... so I have gone back to delaying PG startup for 60 seconds and all is ok, again.
    ;)
     
  25. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    I will have to take a look into HyperThreading to see what the issue is ( I have some general ideas though :) ). All my home machines are AMD based, and all of our test machines at work are P2/K6/P3/CELERON/P4 machines, but none of the P4's have HT. We will probably be getting some and some AMD64 soon though for internal testing.

    Though some of our beta testers have P4 HT machines, so we will be investigating this for the next release.

    -Jason-
     