RuyLopez

Program Guard blocks RollbackRx component

Recommended Posts

Greetings,

OS: Windows XP Pro, SP3 fully updated as per Secunia PSI and Belarc Advisor

OA Premium v 4.5.1.442

Resident Antivirus: NOD32 v 4.2.67.10

On-demand scanners: MBAM and SAS

Observations: On boot, OA blocks shdserv.exe which is a component of RollbackRx. No warning popup is generated. The logged action from History follows:

History Log:

Created: 1/6/2011 14:22:47

Summary: Program Guard: shdserv.exe -> shieldtray.exe

Description: C:\Program Files\Shield\shdserv.exe(1648) wants to remotely control C:\Program Files\Shield\shieldtray.exe(3648)

Event type: Program Guard(9)

Event action: Blocked(3)

The result of this blockage is that shieldtray.exe is also blocked such that the RollbackRx icon fails to appear in the system tray. Thus, I cannot invoke any actions of RollbackRx via the system tray which severely diminishes the utility of the program.

Changing the status of shdserv.exe from Ask and Untrusted to Allow and Trusted does not resolve the problem. Following reboot, the changed status has been forgotten and again shieldtray.exe is blocked.

I have run OA and RollbackRx on this computer for a long time, even using this version of OA. This problem has never occurred before and has appeared very suddenly.

Any suggestions as to how best to address this problem would be most welcome.

Best regards,

RL

Share this post


Link to post
Share on other sites
OA Premium v 4.5.1.442

Current version is 4.5.1.431. And if OA blocks something you wanna trust,then trust and allow them in the program guard.

Tyler

Share this post


Link to post
Share on other sites

As stated in the original post:

OA Premium version 4.5.1.442. That is not an error.

Also as stated originally, resetting the program component status to Allowed and Trusted fails to carry through if the system is rebooted and therefore does not resolve the problem. That observation is reproducible.

Share this post


Link to post
Share on other sites

Perhaps try removing it from the programs list altogether, rebooting and then running the Safety Check Wizard.

Share this post


Link to post
Share on other sites

As stated in the original post:

OA Premium version 4.5.1.442. That is not an error.

Also as stated originally, resetting the program component status to Allowed and Trusted fails to carry through if the system is rebooted and therefore does not resolve the problem. That observation is reproducible.

Curious as to where you got this version, as the last release is indeed 4.5.1.431

Share this post


Link to post
Share on other sites

Curious as to where you got this version, as the last release is indeed 4.5.1.431

While I have never seen a build that showed this build number in the GUI, I do however remember that every single paying OA customer was autoupdated with several OA components that was exactly build 4.5.1.442

Everybody that have installed latest official release AND pressed "Check for updates" can confirm this.

Martin.

Share this post


Link to post
Share on other sites

Greetings,

I finally got a pop-up notification when I booted the machine this morning. Given that notification, the RollbackRx system tray icon did load as normal. I will keep an eye on this to see if the Allowed and Trusted settings continue to hold on subsequent boots and will report back in due course. Should they fail to hold, I will try the suggestion offered by stapp.

As to where I got this version, from andrewf more than two months ago.

Best regards,

RL

Share this post


Link to post
Share on other sites

While I have never seen a build that showed this build number in the GUI, I do however remember that every single paying OA customer was autoupdated with several OA components that was exactly build 4.5.1.442

Everybody that have installed latest official release AND pressed "Check for updates" can confirm this.

Martin.

Thanks Martin. I was just curious, as there is no record of it. Appreciate the info.

Pete

Share this post


Link to post
Share on other sites

Greetings,

After several failures, I have tried the suggestion posted by stapp to delete the shdserv.exe entry within Programs, reboot, and run Safety Check Wizard. As expected, that did generate pop-ups regarding shdserv.exe. I checked the appropriate options for remembering my decision and trusting the entry. Those selections failed to hold through a reboot of my system.

Thus far, the only thing that has appeared to work is to set the entire C:\Program Files\Shield folder as an exclusion. Why this is suddenly necessary, and whether or not it is a safe solution are questions for which I do not have answers.

Best regards,

RL

Share this post


Link to post
Share on other sites

I also have had a problem with OA forgetting my program settings. OA paid, 4.5.1.431 XP service pack 3, fully updated. The two programs are both freeware: Kurlo and Photoscape. I have both set as allowed and trusted, but I get the popup asking permission after each computer restart. I tried running the Security Check Wizard again; still asks again. Occasionally it will happen to other programs (but only rarely).

Share this post


Link to post
Share on other sites

I also have had a problem with OA forgetting my program settings. OA paid, 4.5.1.431 XP service pack 3, fully updated. The two programs are both freeware: Kurlo and Photoscape. I have both set as allowed and trusted, but I get the popup asking permission after each computer restart. I tried running the Security Check Wizard again; still asks again. Occasionally it will happen to other programs (but only rarely).

Hi 1eyedjack,

Do you have a screenshot you could attach of the two alerts you are seeing for these programs? :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.