controler

join:2003-11-02

ProcessGuard

Hello

I am seeing something weird with PG. I and one other user have verified this. I saw it on my XP Pro desktop, then today installed PG on my laptop and see it there also.
I can't get a reply from DCS and not many are even trying it out over at Wilders.
I was wondering if some of the users here could give it a try?

All you do is follow these steps.

1. Go to www.kkln.com/

2. click on the tab On The Loon

3. Click on Melanie

4. When the page loads, right click on her picture.

5. Click save as to desktop.

6. Open the file with Windows picture and fax viewer.

7. If Pg doesn't peep at first, close the picture and try it again. Sometimes takes twice.

8. Open the picture and click the magnify button.

On mine and one other posters system, PG alerts saying explorer.exe is trying to install service/Driver

controler
Clone 171162

join:2005-08-03

Re: ProcessGuard

Chalk up one more verification. I've been getting this PG alert with literally dozens of jpgs, ever since upgrading to V3.4 final. It's probably a bug?
controler

join:2003-11-02

We need to get more users to verify this or nothing will be done.

What I wonder about is how does PG tag these files? How does it know one from another? It isn't the size, I tried that. I even resized the dang things and still alerts.
I have a ton of JPG's myself and PG only alerts on a few.
Can get no answer whatsoever from DCS. Wrote them pri and in their so called forum.
Love the program, Hate their support now.

con

Nogard is me
Premium
join:2004-01-08
Columbus, OH
I tried for about 5 minutes and I didn't get a pop up saying anything about explorer trying to install a driver.
controler

join:2003-11-02
Did you have exe protection enabled, plus all 4 globals checked?

con
controler

join:2003-11-02
And you have BoClean installed?
controler

join:2003-11-02
Chickens

norwegian
Premium
join:2005-02-15
Outback

Re: ProcessGuard

I have had it uninstalled, but willing to try installing the free version, if needed. Chicken indeed

norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

Got nothing, other than a picture, opening with various image tools. PG though when running paint(windows) asked permission for paint program, and svchost as well after, but otherwise no other warnings. All the time I ran PG, never saw the service/driver request.

Maybe I missed something ?
controler

join:2003-11-02
thanks norwegian

You have to be running the latest version, everything ticked and has to be either Melanie or Nate from the website. Running XP

norwegian
Premium
join:2005-02-15
Outback

Re: ProcessGuard

I didn't click Nate, but clicked on Melanie's file a dozen or so times, and opened it with various imaging software, but nothing unusual. Reboot and Watcher didn't record any changes in file structure either.
controler

join:2003-11-02
nick r over at Wilders was able to figure out you need the print spooler running before PG will alert.
I disable the spooler with task manager and I do not get an alert either.

norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

Re: ProcessGuard

Ah it was just setting up the printer for a hard copy, and PG was alerting to it. Love the software, but if I stay with KIS, it will not be on my machines. It was my first layer of defense for ages.

Kaspersky are advancing too much
controler

join:2003-11-02
yes all you need is the spooler running in task manager.
It still does not answer why Pg alerts only on those files and not others on my drive. Has to be a way PG tags them.

controler

Nogard is me
Premium
join:2004-01-08
Columbus, OH
I don't have BoClean running, I do however have PG running on all cylinders. I didn't get the message at all. I have Print Spooler running also.

Irondell

@pipex.com
I have noticed that if you 'clean' JPGs with this www.snapfiles.com/get/jpgcleaner.html ProcessGuard doesn't give out the usual alert. Why is that I wonder??

SpannerITWks
Premium
join:2005-04-22

Irondell

In a word, MetaData ! Normally hidden extra data within the file, sometimes can be used for dodgy purposes.

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks
controler

join:2003-11-02
Spanner

I never got a reply from DCS on this and most likely never will. It only happens with spoolsv.exe running.

So you say it is the meta feature huh that they use to tag files?

SpannerITWks
Premium
join:2005-04-22

Re: ProcessGuard

controler

Hey well i'm NO expert you All know that, but when i saw Irondell's post about the 'clean' JPGs, a bell immediately started ringing. Yeah, the bells the bells lol.

Anyways as cleaning image files " can " remove ALL MetaData, i'm " presuming " there " may " be a connection there. Quite why spoolsv.exe needs to be running @ the same time i'm not 100% sure.

But as i was just writing the above, the bells started again lol. Didn't the WMF exploit fiasco have some connection with spoolsv.exe, or was it the TextCreateRange exploit, or maybe both ?

Possibly someone can verify this, or otherwise !

Spanner
--
I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks
/SpannerITWks
controler

join:2003-11-02

Spanner

I hear that but have that hole sealed as far as MS knows.

It happens on any install I have. Doesn't matter which computer. When I see it on a fresh install on a new computer I wonder. Support will not even make a peep on this one.

If there is hidden meta stuff attached to those JPGs, the site doesn't know about it I am sure. I know Melanie personally.

con

norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband

Even with the latest version of PG, still get no warnings. Maybe it has to do with the web addresses in the data of the picture, without sounding paranoid.

ht tp://ns.adobe.com/xap/1.0/
ht tp://www.w3.org/1999/02/22-rdf-syntax-ns#'
ht tp://ns.adobe.com/iX/1.0/'>
ht tp://ns.adobe.com/xap/1.0/mm/'>
ht tp://www.iec.ch
ht tp://www.iec.ch

On a side note: PG didn't alert to opening Opera to post this(fresh install of PG, turned off learning mode).

What is going on down at DCS headquarters ?
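The metadata question raised in the posts above can be checked directly on a file. This is an added Python example, not part of any post and not DCS code: it walks a JPEG's segments, lists the APPn and COM metadata segments that sit before the image data, and pulls the namespace URIs out of an XMP packet. The function names and the sample bytes are constructed for illustration.

```python
import re
import struct

STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))  # no length field
XMP_HEADER = b"http://ns.adobe.com/xap/1.0/\x00"

def metadata_segments(data):
    """Return [(name, payload)] for APPn/COM segments found before SOS."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    found, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF or marker in STANDALONE:
            pos += 1 if marker == 0xFF else 2   # fill byte / bare marker
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        payload = data[pos + 4:pos + 2 + length]
        if 0xE0 <= marker <= 0xEF:
            found.append((f"APP{marker - 0xE0}", payload))
        elif marker == 0xFE:
            found.append(("COM", payload))
        if marker == 0xDA:            # SOS: compressed image data follows
            break
        pos += 2 + length
    return found

def xmp_namespaces(data):
    """Namespace URIs declared in XMP packets (APP1 with the XMP header)."""
    uris = []
    for name, payload in metadata_segments(data):
        if name == "APP1" and payload.startswith(XMP_HEADER):
            xml = payload[len(XMP_HEADER):].decode("utf-8", "replace")
            for uri in re.findall(r"""xmlns:\w+=['"]([^'"]+)['"]""", xml):
                if uri not in uris:
                    uris.append(uri)
    return uris

def seg(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample (not a real image): SOI, APP0, XMP APP1, SOS, EOI.
XML = b"<x xmlns:rdf='http://www.w3.org/1999/02/22-rdf-syntax-ns#' xmlns:xap='http://ns.adobe.com/xap/1.0/'/>"
SAMPLE = (b"\xff\xd8" + seg(0xE0, b"JFIF\x00") + seg(0xE1, XMP_HEADER + XML)
          + seg(0xDA, b"") + b"\xff\xd9")
```

Running `metadata_segments` on a file before and after a cleaning tool shows which segments the tool removed.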
controler

join:2003-11-02
PG doesn't alert on the download, only the opening of the picture. It doesn't matter if you download it with IE or Firefox.

norwegian
Premium
join:2005-02-15
Outback
·WestNet Broadband


I downloaded the image of both pictures, off Internet Explorer to the desktop as you requested, the addresses came from the desktop image when viewed with FileAlyser.

But as prior, had no warning of any sort, and double-checked that spooler service was set to "started", and automatic, but this test was with the latest version 3.4.1.0, but the first test was with the prior build.

Good luck finding the answer;
just one of those software glitches from installation maybe, corrupt read/write, interpretation of the code ?

Also does everyone only see it with the "Full" version, as I could only test with the free version ?

controler

join:2003-11-02

I installed the full version on three computers. One XP Pro, One XP home laptop and One Dell XP home. I never disallowed services.exe. In the main GUI tab I have exe protection enabled. On top and bottom I have all 4 ticked. Open task manager and make sure spoolsv.exe is running. Open the picture with Windows picture and fax viewer. PG may not alert on the first opening but usually does on the second for sure. Otherwise when you open it and PG doesn't alert, all you have to do is click the magnifying glass and then PG alerts.
This is using the last two builds of PG FULL.
I have two LIC after the TDS-3 event.
The Dell is a used one I bought that had a fried MOBO,
So it has new Mobo & Hard Drive with fresh clean install of XP Home, PG & BoCLean.
If you shut down spoolsv.exe, the alerts go away.
It's not a system issue but two of the desktops do have GeForce video cards installed. One had the GeForce software installed that came with card, the Dell only has the Windows driver for the card installed.
I know PG is having some issues with GeForce video cards?

controler

aol

@aol.com
Can someone clarify whether this bug is a security risk or a bug which needs some manipulation to expose if this thread is anything to go by ?