Why doesn't "Deny Always" stop files from executing?

Discussion in 'ProcessGuard' started by Stro, Dec 6, 2005.

Thread Status:
Not open for further replies.
  1. Stro

    Stro Registered Member

    Joined:
    May 16, 2004
    Posts:
    130
    Location:
    Memphis, TN USA
    Can someone tell me why the “Deny Always” setting on the Security tab is not working for me? (I have the licensed ProcessGuard running on Windows XP Pro.)

    I want to stop two .exe files from executing when I boot-up the PC in order to troubleshoot a compatibility problem. These are AOL Companion and Earthlink’s TotalAccess. I set these two files to “Deny Always.” Then on the Main tab I ensure the boxes are checked for “Protection Enabled,” “Execution Protection,” and “Block new and changed applications.” But when I reboot the PC, AOL Companion and TotalAccess start up the same as they do when they are set to “Permit Always.”

    I thought ProcessGuard would stop even those .exe files in the start-up folder from executing. Am I doing something wrong?

    I appreciate your assistance.

    Regards,
    Stro
     
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi Stro,
    How early do they start up? Coz I've demo'd anti-hook, online-armor, and I'm using snoopfree right now, and I think they all started up before PG, so it was unable to catch them.
     
  3. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Stro

    I wouldn't recommend trying to stop an AOL service that way. If you don't want to use Companion, I would suggest going online and doing a search in help. There you can probably find a way to kill it.

    Pete
     
  4. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    It won't catch/ask about something starting early, but if set to block then the driver can catch them and stop them. Driver start at SYSTEM is suggested if you are trying to stop something (not that you should bother catching antihook etc. anyway).

    In the case of AOL though I wouldn't be surprised if the driver is supporting the process, in which case you have trusted code in the kernel and it's meant to be allowed (by design and by PG being somewhat gracious). There could even be cases where this software is trying to stay alive; PG messing with it in kernel mode would more than likely end up causing a BSOD :)
     
  5. Stro

    Stro Registered Member

    Joined:
    May 16, 2004
    Posts:
    130
    Location:
    Memphis, TN USA
    BSOD? What is that?

    Thanks all for your input. I used Mike Lin's Startup Control Panel to stop AOL Companion and TotalAccess from starting at system boot-up.

    I still have my blasted compatibility problem, but that's not the point of this thread.

    Thanks again,
    Stro
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,047
    Hi Stro

    If you don't know what BSOD is, consider yourself most fortunate. :D

    BSOD = Blue Screen of Death, which is the screen that comes up when your machine crashes. Undesirable to say the least.

    Pete
     
  7. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    Wow! Someone who has never experienced a BSOD?? Yeah....EXTREMELY FORTUNATE. :D I wish I had never heard of a BSOD...my Dell Dimension 8300 has had a heck of a lot of them recently on XP too...so much so that Dell is sending me a replacement computer worth a lot more, much nicer, much newer (Gen 5) than my two year old 8300. That part is nice...but I still wish I had never heard of a BSOD....I got a lot when this computer was new due to nVidia driver and infinite loop and on my 98SE box...well, I am still very good friends with Mr. BSOD on that computer. :p
     
  8. Stro

    Stro Registered Member

    Joined:
    May 16, 2004
    Posts:
    130
    Location:
    Memphis, TN USA
    No, I did experience BSOD, once. I loaded a game, Empire Earth, at my son's request. It froze the system so I rebooted and up came the BSOD. Fortunately I had a current image of my C: partition (made with BootIt NG) so I restored the image and was back to normal. I think imaging software is the best thing since sliced bread and advocate it often to people who take no action on my advice. I personally know only one other person (excluding IT professionals, of course) who uses imaging software.
     