Windows Update and Processguard

Discussion in 'ProcessGuard' started by DDCchik, May 18, 2005.

Thread Status:
Not open for further replies.
  1. DDCchik

    DDCchik Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    39
    I've been using PG for quite a long time and have it on my main two computers. I do malware removal for a hobby on a couple of forums so I'm not unfamiliar with system processes and malware processes which I often install to test removal methods - not on my main boxes though.

    Today I ran into a problem that I haven't come across before. A windows update tried to install and simply cannot. Windows installer 3.1. I have a vague recollection of a previous Windows hotfix being difficult to install but I believe that disabling PG worked in that case. I have attempted to install through automatic update and direct from the Microsoft website. I'm probably down to attempt No. 10 or 12. PG keeps blocking the installation. I've tried learning mode. I tried disabling PG. I tried disabling PG and shutting down the service. In fact I've tried everything short of uninstalling PG. I've rebooted about 10 or 12 times only to be informed that the update wasn't installed again :doubt:

    So it may be Wormguard. Removed that. Disabled Nod. Disabled Outpost. (I still have a hardware firewall) Still no go.

    I will probably sort this out myself but I admit to being puzzled. The balloon notice I get is from PG and reads that it blocked the install - no request ?
    This is despite being disabled on all fronts in various different ways. Uninstalling PG is probably next. I am concerned that I'm not getting any alerts even in learning mode - just the balloon that says blocked.

    If anyone has a suggestion before I actually do that it would be nice. I can't help thinking that this one update can't be that bad. Anyway it will have to wait until I've found the problem.

    XP SP2 PG 3.1000
     
  2. tlu

    tlu Guest

    You get a notice from PG although you disabled it? Very strange. My only explanation is that your PG installation is somehow messed up. Thus, a reinstallation would be a good idea indeed.

    The newest PG version is 3.15 - you should update!
     
  3. rickontheweb

    rickontheweb Registered Member

    Joined:
    Nov 14, 2004
    Posts:
    129
    No problems here. I downloaded the update exe and manually updated.

    I simply disabled PG's Protection on the main tab before executing it, which I always do for Windows patches.

    I did encounter a problem on another XP Pro machine here withOUT ProcessGuard on it. The update had to install twice because it failed on install the first time.

    So maybe it's a buggy or tricky patch? This update has to do with the Windows installer and not being able to bypass it's own Windows File Protection.
     
  4. DDCchik

    DDCchik Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    39
    It's only one of my computers that is doing this.

    I might update PG first and see what happens then. Thanks for the input :)
     
  5. polyglory

    polyglory Registered Member

    Joined:
    Jul 7, 2004
    Posts:
    76
    Location:
    Brussels, Belgium
    I had been having problems installing 3.1 on winXP Pro SP2, disabling PG did not work and it kept failing the download, and I had the latest version.

    I un-installed PG and the download went in fine, great after 8 failed attempts.

    Something not right some where I guess?

    Anyway, I will leave it to people with better knowledge then I :)
     
  6. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    I couldn't get Windows Installer 3.1 to "take", either (I'm beginning to wonder whether I want it to or not, actually, since I've never noticed anything wrong with the older version).

    Here's the PG log from the attempt (which failed multiple times):

    Thu 19 - 09:45:39 [EXECUTION] "c:\windows\system32\wuauclt.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1064]
    [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[428]susdsdbd16ed7779ba7439afedf000a1ba327 ]
    Thu 19 - 09:46:41 [EXECUTION] "c:\windows\system32\wbem\wmiprvse.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\svchost.exe" [916]
    [EXECUTION] Commandline - [ c:\windows\system32\wbem\wmiprvse.exe -embedding ]
    Thu 19 - 09:47:09 [EXECUTION] "c:\program files\mru-blaster\mrublaster.exe" was allowed to run
    [EXECUTION] Started by "c:\program files\mru-blaster\scheduler.exe" [3456]
    [EXECUTION] Commandline - [ "c:\program files\mru-blaster\mrublaster.exe" -silent ]
    Thu 19 - 09:48:35 [EXECUTION] "c:\windows\system32\wbem\wmiprvse.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\svchost.exe" [916]
    [EXECUTION] Commandline - [ c:\windows\system32\wbem\wmiprvse.exe -embedding ]
    Thu 19 - 09:48:37 [EXECUTION] "c:\windows\system32\wuauclt.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1064]
    [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runhandlercomserver ]
    Thu 19 - 09:48:43 [EXECUTION] "c:\windows\softwaredistribution\download\85edc023096735764b42f7ffe25be521\update\update.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\wuauclt.exe" [2748]
    [EXECUTION] Commandline - [ update\update.exe /norestart /quiet -er /parentinfo:d8d602b3a2b47f42afc01af9ca820ef9 ]
    Thu 19 - 09:49:16 [DRIVER/SERVICE] c:\windows\softwaredistribution\download\85edc023096735764b42f7ffe25be521\update\update.exe [2476] Tried to modify an existing driver/service named msiserver
    Thu 19 - 09:49:17 [EXECUTION] "c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\softwaredistribution\download\85edc023096735764b42f7ffe25be521\update\update.exe" [2476]
    [EXECUTION] Commandline - [ c:\windows\$msi31uninstall_kb893803v2$\spuninst\spuninst.exe /~ -q -z ]
    Thu 19 - 09:49:35 [EXECUTION] "c:\windows\system32\wuauclt.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\system32\svchost.exe" [1064]
    [EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" ]

    After each attempt, WU tells me the update failed, yet still asks for a re-start, which I've done to no effect. Also note that when it threw up the bolded entry above, that I allowed it (although I think I'm fixing to go back and take that out).

    I don't think that particular update is really ready for prime-time quite yet. Pete
     
  7. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Okay, I got the update to install without having to un-install PG.

    See screenshot. Everything had to be un-checked.

    Hope it was a wise decision.

    Side-note: There seems to be a problem with the version of "GenuineCheck" (or whatever the heck it is) that's on there. When I tried to run it, it told me that that version was no longer supported (?). So I did it without it. Wish I'd have tried it straight from WU, but I had already d/l'ed the thing manually from here: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q893803 . Pete
     

    Attached Files:

  8. tlu

    tlu Guest

    This behavior of PG is not normal. Disabling "Enable Protection" should be sufficient. I still think you should reinstall PG.
     
  9. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    FWIW, I had no problems here installing Windows Installer 3.1 (via Windows Update) with PG disabled.

    Nick
     
  10. richrf

    richrf Registered Member

    Joined:
    Dec 11, 2003
    Posts:
    1,907
    I had problems initially installing with PG enable. I disabled PG and the install went to completion.

    Rich
     
  11. DDCchik

    DDCchik Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    39
    Interesting!!!

    My log is almost identical to Spy1's log.

    What the heck is GenuineChecko_O
     
  12. benton4

    benton4 Registered Member

    Joined:
    Nov 29, 2004
    Posts:
    158
    Location:
    Oregon
    I had a similar problem a while ago and found that wmiprvse.exe had to be allowed along with wuauclt.exe for the update to work.Just my 2 cents.
     
  13. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
  14. DDCchik

    DDCchik Registered Member

    Joined:
    Mar 28, 2004
    Posts:
    39
    Ahh!! - From all the drama of going through the Windows Genuine Advantage Check stuff. That's good to know - thanks :)
     
  15. NormanS

    NormanS Registered Member

    Joined:
    Feb 3, 2004
    Posts:
    84
    On Windows 2000 Pro, Service Pack 4, Windows Installer 3.1 installed as soon as I disabled PG's "Protection Enabled" and "Execution Protection" and checked "Learning Mode".
     
  16. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I installed it from the MS download site (I don't use WU) and did not disable PG or put it in learning mode. It installed just fine. Everytime PG popped up, during the install, I just told it that it was ok for what ever wanted to run to do so.
     
Thread Status:
Not open for further replies.