 Mele20 Premium join:2001-06-05 Hilo, HI
| reply to controler Re: ProcessGuard
said by controler: I guess now in my mind PG is a dead product as TDS-3 was
Don't you think that may be because of Microsoft locking the kernel in Vista so PG won't work and DiamondCS will be sued by Microsoft if they hack the kernel? There is a thread at Wilders started by another vendor with security software similar to PG asking everyone to boycott Vista for this reason. Pay particular attention to Herbalist's posts beginning with #27.
»www.wilderssecurity.com/showthre···t=143678 -- "If you want to do DRM on a PC then you need to treat the user as the enemy." Ross Anderson in "`Trusted Computing' Frequently Asked Questions" |
|
 controler
join:2003-11-02 | reply to controler I guess now in my mind PG is a dead product as TDS-3 was |
|
  daT CSM 101 Premium join:2002-09-15 Toronto, ON
·Rogers Hi-Speed
| reply to controler After reading this I thought I'd pop in with my 2c.
Since v3.15 I've had the driver/service disabled. Why? Because I use SAV CE and, along with a lot of other users of the product, find PG going schizo after each AV definition update. The only recourse was to disable the feature.
Pretty much rendered PG pointless... almost.
I see that there are still issues with that aspect of the tool.
And this is not a new issue.
From what I can recall it's been 6 months now.
And, there are still a number of other issues related to the latest build.
It's a shame really as, imo, this tool was indispensable.
I don't run it any longer on my XP box, and, not needed on my 'nix box  -- daTerminehtor |
|
 Wake2
join:2005-04-30
·AT&T Yahoo
1 edit | reply to controler After my post earlier today I found that if I clicked Melanie's picture and clicked preview then PG alerts that explorer.exe wants to install a driver/service, same results if I click magnify in Windows Picture and Fax Viewer, PG alerts that explorer.exe wants to install a driver/service, but if I click the picture, and click open with Windows Picture and Fax Viewer, PG alerts rundll32 wants to install a driver/service, when the picture is opened, and when you click on magnify same results PG alerts that rundll32 wants to install a driver/service.
If you terminate spoolsv.exe and open Melanie's picture then PG gives no alerts period at all.
If you manually add spoolsv.exe to PG and allow driver/service install you get no alerts from PG when opening that picture.
Edit: forgot to add, no alerts until I rebooted, then once again the PG driver/service weirdness with Melanie's pic was back.
Regards,
Wake |
|
 controler
join:2003-11-02 | reply to controler Mine says explorer.exe is trying to install the service or driver.
Nice to see others seeing the same thing.
controler |
|
 Wake2
join:2005-04-30
·AT&T Yahoo
1 edit | reply to controler ok i downloaded the Melanie pic, opened it with Windows Picture and Fax Viewer first time got no reaction from PG (have the full version) second time though when hit magnify PG does alert that rundll32.exe tried to install a driver / service.
I have rundll32.exe set to allow once, and I am using PG version 3.4.10 Full.
Regards,
Wake
Edited: If you use task manager to shut down spoolsv.exe and then reopen Melanie's pic using Windows Picture and Fax Viewer and hit magnify PG throws no alerts for rundll or driver/service install .. have a Lexmark Printer and no GeForce video card installed. |
|
  FiL Premium join:2005-08-16 Silver Spring, MD
| reply to controler I'm an avid PG user, and love its newest build.
Got a Geforce 4 system @ home I can test this problem out on. I'll DL the proper prog's from here at work, then transfer em to the Geforce pc.
Check back in a day or 2.  |
|
  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| reply to controler
Maybe I need to pull out the old system with the ATI card in, and see.
This computer and the minor problems I have seen with the last 2 builds was tested on a machine with GeForce card, so this maybe is a common denominator.
It would be great if at least someone else checked this out. What of the graphics card on Clone 171162's machine?
It also may be an issue with the Full version, which I was almost in the process of buying, but Kaspersky are travelling some inroads of late, and it would seem a waste of money, unless I bought PG, and ran a free A/V.
I was actually thinking if it was a glitch with A/V software, but without seeing this event, and running something like Filemon I am only guessing here.
Would have liked to be more help, but without reproducing the same thing here, I am out of ideas, sorry.
|
|
  aol
@aol.com | reply to controler Can someone clarify whether this bug is a security risk or a bug which needs some manipulation to expose if this thread is anything to go by ? |
|
 controler
join:2003-11-02
| reply to controler I installed the full version on three computers. One XP Pro, One XP home laptop and One Dell XP home. I never disallowed services.exe. In the main GUI tab I have exe protection enabled. On top and bottom I have all 4 ticked. Open task manager and make sure spoolsv.exe is running. Open the picture with Windows Picture and Fax Viewer. PG may not alert on the first opening but usually does on the second for sure. Otherwise when you open it and PG doesn't alert, all you have to do is click the magnifying glass and then PG alerts. This is using the last two builds of PG FULL. I have two LIC after the TDS-3 event. The Dell is a used one I bought that had a fried MOBO, so it has new Mobo & Hard Drive with fresh clean install of XP Home, PG & BoCLean. If you shut down spoolsv.exe, the alerts go away. It's not a system issue but two of the desktops do have GeForce video cards installed. One had the GeForce software installed that came with card, the Dell only has the Windows driver for the card installed. I know PG is having some issues with GeForce video cards?
controler |
|
  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| reply to controler
I downloaded the image of both pictures, off Internet Explorer to the desktop as you requested, the addresses came from the desktop image when viewed with FileAlyser.
But as prior, had no warning of any sort, and double-checked that spooler service was set to "started", and automatic, but this test was with the latest version 3.4.1.0, but the first test was with the prior build.
Good luck finding the answer; just one of those software glitches from installation maybe, corrupt read/write, interpretation of the code ?
Also does everyone only see it with the "Full" version, as I could only test with the free version ?
|
|
 controler
join:2003-11-02 | reply to controler PG doesn't alert on the download, only the opening of the picture. It doesn't matter if you download it with IE or Firefox. |
|
  norwegian Premium join:2005-02-15 Outback
·WestNet Broadband
| reply to controler Even with the latest version of PG, still get no warnings. Maybe it has to do with the web addresses in the data of the picture, without sounding paranoid. 
ht tp://ns.adobe.com/xap/1.0/ ht tp://www.w3.org/1999/02/22-rdf-syntax-ns#' ht tp://ns.adobe.com/iX/1.0/'> ht tp://ns.adobe.com/xap/1.0/mm/'> ht tp://www.iec.ch ht tp://www.iec.ch
On a side note: PG didn't alert to opening Opera to post this (fresh install of PG, turned off learning mode).
What is going on down at DCS headquarters ? |
|
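The strings quoted in the post above are the kind of text ordinary JPEG metadata segments contain: `http://ns.adobe.com/xap/1.0/` is the signature that opens an XMP packet, and `www.iec.ch` text appears in embedded sRGB ICC colour profiles. The following is an added example, not from the thread or from DiamondCS, that lists the metadata segments of a JPEG so a file can be compared before and after a cleaner is run; the sample bytes and the helper names are constructed for illustration.

```python
import struct

# Payload signatures defined by the JFIF, Exif, XMP, ICC and Photoshop formats.
SIGNATURES = {
    b"JFIF\x00": "JFIF header",
    b"Exif\x00\x00": "Exif",
    b"http://ns.adobe.com/xap/1.0/\x00": "XMP packet",
    b"ICC_PROFILE\x00": "ICC colour profile",
    b"Photoshop 3.0\x00": "Photoshop IRB/IPTC",
}

def list_metadata_segments(data: bytes):
    """Return [(marker, label, payload_len)] for APPn/COM segments before the scan."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    found, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:            # fill byte before a marker
            pos += 1
            continue
        if marker in (0xDA, 0xD9):    # SOS or EOI: no more header segments
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError(f"malformed or truncated segment at offset {pos}")
        payload = data[pos + 4:pos + 2 + length]
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            name = "COM" if marker == 0xFE else f"APP{marker - 0xE0}"
            label = next((v for k, v in SIGNATURES.items()
                          if payload.startswith(k)), "unknown")
            found.append((name, label, len(payload)))
        pos += 2 + length
    return found

def _segment(marker: int, payload: bytes) -> bytes:
    # Helper (hypothetical) used only to build the constructed sample below.
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: header segments only, no real image data.
SAMPLE = (b"\xff\xd8"
          + _segment(0xE0, b"JFIF\x00" + b"\x01\x01\x00\x00\x01\x00\x01\x00\x00")
          + _segment(0xE1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")
          + _segment(0xE2, b"ICC_PROFILE\x00\x01\x01" + b"IEC http://www.iec.ch")
          + _segment(0xDB, b"\x00" * 65)
          + _segment(0xDA, b"\x00") + b"\xff\xd9")

if __name__ == "__main__":
    for seg in list_metadata_segments(SAMPLE):
        print(seg)
```
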
 controler
join:2003-11-02
| reply to controler Spanner
I hear that but have that hole sealed as far as MS knows.
It happens on any install I have. Doesn't matter which computer. When I see it on a fresh install on a new computer I wonder. Support will not even make a peep on this one.
If there is hidden meta stuff attached to those JPGs, The site don't know about it I am sure. I know Melanie personally.
con |
|
  SpannerITWks Premium join:2005-04-22
| reply to controler controler
Hey well i'm NO expert you All know that, but when i saw Irondell's post about the 'clean' JPGs, a bell immediately started ringing. Yeah, the bells the bells lol.
Anyways as cleaning image files " can " remove ALL MetaData, i'm " presuming " there " may " be a connection there. Quite why spoolsv.exe needs to be running @ the same time i'm not 100% sure.
But as i was just writing the above, the bells started again lol. Didn't the WMF exploit fiasco have some connection with spoolsv.exe, or was it the TextCreateRange exploit, or maybe both ?
Possibly someone can verify this, or otherwise !
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
|
 controler
join:2003-11-02 | reply to controler Spanner
I never got a reply from DCS on this and most likely never will. It only happens with spoolsv.exe running.
So you say it is the meta feature huh that they use to tag files? |
|
  SpannerITWks Premium join:2005-04-22
| reply to controler Irondell
In a word, MetaData ! Normally hidden extra data within the file, sometimes can be used for dodgy purposes.
Spanner -- I Only Know What I Know, But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks |
|
  Irondell
@pipex.com | reply to controler I have noticed that if you 'clean' JPGs with this »www.snapfiles.com/get/jpgcleaner.html ProcessGuard doesn't give out the usual alert. Why is that I wonder?? |
|
  Nogard is me Premium join:2004-01-08 Columbus, OH | reply to controler I don't have BoClean running, I do however have PG running on all cylinders. I didn't get the message at all. I have Print Spoiler running also. |
|
 controler
join:2003-11-02 | reply to controler Yes, all you need is the spooler running in task manager. It still does not answer why PG alerts only on those files and not others on my drive. Has to be a way PG tags them.
controler |
|