WG / PG3.150 ?

Discussion in 'WormGuard' started by NightLight, Jan 23, 2005.

Thread Status:
Not open for further replies.
  1. NightLight

    NightLight Guest

    After installed the lastest rev 3.150 of PG full version (using previous .dat files from PG3.100) and installed the lastest WG (trial), I saw some strange things :
    1- "activate" exe prot of WG : a window dialog showed not found wguard.ini file (not existing on my box)
    2- everytime wgscan ran, that was infinetively looping and I had to logoff/restart the windows xp pro sp2.
    3- WG was set to have "read' access in PG
    4- WG title bar showed version 4. (maybe a leftover)

    Finally, I had to have WG trial uninstalled. I plan to try it prior to buying this. Probably, I should wait for the next releases of WG/TDS.
    Any ideas are appreicated. Thanks.
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi NightLight, I have WormGuard running with ProcessGuard 3.150 full with no problems so far.
    What operating system are you using?

    Pilli
     
  3. nightlight2

    nightlight2 Guest

    Thanks to Pili.
    My box is winxp pro sp2.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Not sure what is going happening in your box as I have the same OS and patches, you are trying to run the trial version and mine is the full version but that should not matter.

    I would try running the install again but make sure that you disable your internet connection and your other security programs first as they may be interfering with the install, put PG in learning mode and see if that helps.

    Pilli
     
  5. PG#1

    PG#1 Guest

    Hi Pilli,
    I have just reinstalled (a fresh) my winxp pro sp2 box; put in PG3.150 full license in place; then tried installing WG3x (trial), the problem persisted {right mouse click -> scan a file -> about ten instances of WG in taskmanager window with 5-7MB/each -> system stalled -> hard reset }. I had to have it removed then. Is it that my box infected by something?
    thx.
     
  6. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    WormGuard does not run as a proocess, so why are you seeing it in TM? The only time you will see it in TM is when you have the GUI open. WG uses a hook wguard.dll
    It runs equally well even when not on the ProcessGuard protection list though you can add it if you wish:
    ProcessGuard Settings:
    wguard.exe should be protected from MODIFICATION and TERMINATION. It won't need any allow privileges to operate correctly.

    Pilli
     
  7. PG#1

    PG#1 Guest

    Sorry for bothering you again on this issue on my box.
    I have just read another thread "right click scan file problem in win98" https://www.wilderssecurity.com/showthread.php?t=56264
    #1: I am going to try it again tomorrow to try capture the screen if such happens again.
    #2: Whether there was problem (tampered) to the file (WG trial) has been downloaded from DCS website? is it possible?
    I will report it tomorrow for you look into it.
    Thanks.
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    I don't think so though the file could have been corrupted in some way, especially if you use a file downloader program or possibly another browser that is not IE. though this is unlikely.

    If you can make sure that the files is:
    WormGuard 3 Evaluation Version
    Filesize: 1.56 MB (1,640,055 bytes)
    Checksum MD5: 5B1EBEF1908305D5B7459534AA8EBF8D

    You need a method for checking MD checksums such as a program like CryptoSuite.

    HTH Pilli
     
  9. WG3

    WG3 Guest

    hi Pilli,
    Now, I know the reason. After reading yours and WG-helpfile, when installed (core component / not regular WG installation) , it hooks to OS' low-level system and provides its protections from that point up. With the super power protection under PG3x in place, it wont be to do its hooking install which was the reason prevent it from working properly.
    When the reported problem, I forgot to mention that when I clicked "install" to enable hooking WG to system, with PG's protections, a dialog poped up and asked for non-existing file "wguard.ini" which is WG's configuration file when it is enabled and working. Then, I just clicked "cancel" button on that dialog window and tried a WG scanning and the problem shown.
    I have just installed WG (shown 4 :*), and temporarily turned off PG's protections when activating WG core comp. It works well now. With your suggestions, I made a filename "testingwg.txt.exe" on the desktop; gave it a run, WG stopped it from running and warning:
    It is somewhat concern to install st with having to temp turn off PG's protections!
    Thx for the help.
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Not really a concern if you only install programs from trusted sources, having said that many non low level programs do not require ProcessGuard to be turned off. :)
    Anyway I am happy thet you have it sorted.

    Cheers. Pilli
     
  11. PG#1

    PG#1 Guest

    Hi Pilli,
    I have another little concern question relates using "register.exe" came with installation of WG (trial version). From DCS website:
    When giving WG register.exe a run, it states that
    Does it mean that if one uses this method to get the paid license for WG, the keyfile is going to be specific to this computer (computername)? That raises my idiot concern for which if I change my computername or reinstall windows os ?
    Please help me clarify it. thx.
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Not sure exactly what it means but I do know that your keyfile will work after a reformat and rename so it is probably the definition of "computer name" that needs correcting, certainly the keyfile is tied to the username and email address and maybe this is what it really means. Hopefully DCS can clarify this :)

    Cheers. Pilli
     
Thread Status:
Not open for further replies.