wallacegal

Program Marked As Trusted Is Stopped

Recommended Posts

I have a program that was working fine, just a little program called DesktopMeadow.exe. Now suddenly, it no longer will run and when I look under Behavior Blocker, the program is marked as trusted but under the ID column, it's marked as Stopped. I miss this program and need to know how to get it started again. I see that several other programs marked as either Trusted or Monitored, that Do work, are also marked as Stopped under the ID column. Not sure what's going on, but any help would be appreciated. I've uninstalled and reinstalled the program and it still won't run.

Windows 10
Emsisoft Version: 2020.6.0.10209

Thank you!

Share this post


Link to post
Share on other sites

If the program is trusted in Emsisoft Anti-Malware then it should be allowed to run.

Try right-clicking on the little Emsisoft icon in the lower-right corner of the screen (to the left of the clock), going to Protection status, and selecting Disable Behavior Blocker. After that try to run the program and let me know if it works.

Please be sure to turn the Behavior Blocker back on again after doing this.

If disabling the Behavior Blocker allows the program to run, then you may need to add exclusions for the program so it will run with the Behavior Blocker on:
https://help.emsisoft.com/en/1815/how-do-i-exclude-a-program-from-an-emsisoft-product/

Share this post


Link to post
Share on other sites

Thank you. I'd already disabled the Behavior Blocker. Didn't help. Excluded the program from those places I could in the Emsisoft program. Didn't help. It's odd because for 35 or 40 days, it worked perfectly. And yes, I did pay for it so it's not something that was a free trial. But now, it tries to start, I can see that, but it won't. Whether trying to open it or run as admin, doesn't matter. I wondered why Emsisoft has it marked as Stopped under the ID column for Behavior Blocker.

Thank you.

Share this post


Link to post
Share on other sites

I somehow don't think the problem is with EAM.

The app seems to have a few issues.

Share this post


Link to post
Share on other sites
2 minutes ago, stapp said:

I somehow don't think the problem is with EAM.

The app seems to have a few issues.

I do see that some are experiencing the same problem as me, but asking each one to tell me what their set-up is so I can gauge what's wrong, well, most probably wouldn't answer anyway. The only things that update automatically on my laptop are the Emsisoft program and, I guess semi-automatically, would be Chrome. Since Chrome has gone through a couple updates now and Emsisoft updates sometimes twice a day, I guessed that one of those definitions maybe, is what is causing the program not to run. It's just frustrating.

Thank you both. I will continue to investigate.

Share this post


Link to post
Share on other sites

@GT500 - what exactly does "Stopped" mean?    That status is not described in the help webpage about BB nor the "comprehensive" one linked from it.

I think I assumed, based on whenever I last saw an instance of something saying "Stopped" in my BB display, that the line represents something for which the user has defined a rule (ie the BB knows it's a process that might be active),  which isn't currently active.   It doesn't (or does it?) mean a process that the BB has stopped.  (That would be 'Blocked', surely?)

 

Also... why does it take the BB so long to populate the list of processes?    Perhaps worse than the delay, is the uncertainty of whether one is waiting for something.  The display could do with a placeholder that says eg "finding list of active processes" and some indication of how far through that search the system has got to.    Even then, I can see no reason for it to be so slow unless the code is written to display nothing until the whole list is ready for display and the process of building the list is for example first to get the active processes list from the OS (which is very fast) then do some sort of BB-dependent lookup of each one in the BB rules database (why should that be slow?).   If the display is being very slowly built, why doesn't the BB add lines to the display one at a time as they are discovered? - at least that way the user would know something is happening. 

Once the display is there... it doesn't stay uptodate.   I shut down "Process Hacker" and yet its entry (by name and pid) was still displayed one to two minutes later (I'm not sure of the exact delay but it was long enough for me to think "that's really odd", and start TM and look at its details display, sorted by pid.   Maybe the delay wasn't quite as long as it felt, but how long is it meant to be?   

Share this post


Link to post
Share on other sites
7 minutes ago, wallacegal said:

The only things that update automatically on my laptop are the Emsisoft program and, I guess semi-automatically, would be Chrome. ...

What version of Windows are you running?

Do you not allow your system to install Windows Updates?

Share this post


Link to post
Share on other sites
5 minutes ago, JeremyNicoll said:

What version of Windows are you running?

Do you not allow your system to install Windows Updates?

Windows 10 and no, I don't allow anything Windows to update unless I've researched it first. Too many times in the past, I've been burned by their ridiculous 'security updates' that a few weeks after release, are marked as flawed because of so many user reports of broken OS's and have to be uninstalled. I have no patience for that anymore. So no, nothing on my laptop has been updated since oh...December, I think. And I won't be updating to the latest edition either.

I use a program called StopUpdates10.

Share this post


Link to post
Share on other sites

@wallacegal- I used to work supporting the OS on a UK bank's mainframes.  We made very careful decisions about which fixes (from IBM and other vendors) would be installed, and how urgenty.  Almost nothing was installed on live systems until they'd been on internal test systems for weeks or months.   It also depended somewhat on whether the fixes were for specific problems we had had (and we could see that the fix worked better than the problem even if it wasn't a total fix) or whether they were fixes for things other sites had problems with even though we didn't.  The latter are broadly speaking similar to MS's monthly service rollups.

With Windows Updates l'm in favour of delaying installs of updates a little bit and checking that no-one else has major gotchas with them - generally though, updates that are truly terrible are withdrawn by MS within a week or so of their first release.    I think being six months behind with them is foolish though.

A while back MS made it much harder to research what each individual fix does, and the way they now bundle lots of fixes into one "rollup" is, I think, really bad.  I used to decide which fixes to install on a fix-by-fix basis.

One thing that perhaps you know... the 'preview' fixes that MS release are not aimed at normal users.  They are meant for developers to install, to give them a head start at finding out if those fixes (which normal users will get a month later) will cause problems.   I'm not sure that normal users all know that they shouldn't install the previews.

I'm also a little surprised; if you're that rigorous in your research of Windows Updates, that you would install this meadow thing?  Do you not apply the same level of rigour to the choice of every program you install?  For me, looking at the quality of support for one product or another, and the seller's involvement in fixing them, is a big part of deciding to use one program or another.   One only has to read through the user comments for this program to get (I think) a poor impression.

Share this post


Link to post
Share on other sites
5 minutes ago, JeremyNicoll said:

@wallacegal- Partial Quote:

With Windows Updates l'm in favour of delaying installs of updates a little bit and checking that no-one else has major gotchas with them - generally though, updates that are truly terrible are withdrawn by MS within a week or so of their first release.    I think being six months behind with them is foolish though.

 

If it wasn't for the fact that I have so many programs that only work on Windows that I've paid for and use quite often, I'd have switched to Linux exclusively, some time ago. My opinion (and it's like a nose, everyone has one) is that Microsoft is getting worse with each update. I don't want to have to reset everything every time there's a major update and while you may think being 6 months behind is foolish, it works well for me. Twice in the recent past, with their kb security updates, those updates have broken my OS to the point that I've had to reinstall my OS from scratch. I don't want to do that every few weeks so stopping the updates until I can go through them works for me as well.

As far as the security of a program, I run it through two different malware programs first though I don't install much of anything at all. And I've been a longtime user of his Desktop Goose program which I've not had problems with, so this problem came out of the blue and was a surprise. There weren't any derogatory comments about the program other than its stopping working but no one knows why.

Since I saw the "stopped" in the ID column, I thought perhaps Emsisoft had something to do with suddenly stopping the program since I don't know what that means in that column and really haven't gotten an answer. However, at this point, I've uninstalled the program and will move on as far as trying to figure out what happened. 

thank you

Share this post


Link to post
Share on other sites
16 hours ago, JeremyNicoll said:

@GT500 - what exactly does "Stopped" mean?    That status is not described in the help webpage about BB nor the "comprehensive" one linked from it.

It's been a while since I've had to answer that question, so let me check with QA to make sure I give you the right answer. ;)

 

17 hours ago, wallacegal said:

I'd already disabled the Behavior Blocker. Didn't help. Excluded the program from those places I could in the Emsisoft program. Didn't help.

If you excluded the application from both scanning and monitoring, and it didn't help, then EAM almost certainly isn't the cause of the issue. When an application is excluded from both scanning and monitoring, EAM won't even open hooks to it when it's running.

EAM should also list the status as "Excluded" in the Behavior Blocker processes list.

 

16 hours ago, JeremyNicoll said:

Also... why does it take the BB so long to populate the list of processes?

The UI has to load the information from a2service.exe, and it needs to load all of the information that appears in the list, which can take a few seconds to complete. The UI framework we use may also slow it down a little bit, since I would believe it is rendering the list as an HTML table (or something to that effect).

 

16 hours ago, JeremyNicoll said:

Once the display is there... it doesn't stay uptodate.   I shut down "Process Hacker" and yet its entry (by name and pid) was still displayed one to two minutes later (I'm not sure of the exact delay but it was long enough for me to think "that's really odd", and start TM and look at its details display, sorted by pid.   Maybe the delay wasn't quite as long as it felt, but how long is it meant to be?

Off the top of my head I don't know how frequently the list refreshes, however I don't think it's intended to be a real-time processes list. The amount of time it takes to load the data from a2service is just too long in most cases.

 

15 hours ago, wallacegal said:

If it wasn't for the fact that I have so many programs that only work on Windows that I've paid for and use quite often, I'd have switched to Linux exclusively, some time ago.

Virtualization software (VMware Workstation, Virtual Box, etc) to run Windows in an isolated environment with snapshot support might help with that. Especially since you can still run most flavors of Linux as the host OS, and then just fire up Windows as needed. ;)

  • Like 1

Share this post


Link to post
Share on other sites
4 hours ago, GT500 said:

The UI has to load the information from a2service.exe, and it needs to load all of the information that appears in the list, which can take a few seconds to complete. The UI framework we use may also slow it down a little bit, since I would believe it is rendering the list as an HTML table (or something to that effect).

I just tried terminating a2start then restarting it.   This time, the list of processes showed as soon as I opened the BB display.   That somewhat suggests that it's not the UI process that builds the list, unless once it's built it, it puts it in some sort of shared memory (or memory owned by one of the other EAM processes). 

Then I thought: "Aha!  I turned off debug logging just before stopping a2start".  Maybe debug logging is what makes the table (re)build appear so slow.

So I stopped a2start again, restarted it, turned on debug logging, and went to the BB display.  And it was displayed nearly instantly, again.   So what's going on?

Share this post


Link to post
Share on other sites
12 minutes ago, JeremyNicoll said:

I just tried terminating a2start then restarting it.   This time, the list of processes showed as soon as I opened the BB display.   That somewhat suggests that it's not the UI process that builds the list, unless once it's built it, it puts it in some sort of shared memory (or memory owned by one of the other EAM processes). 

a2start may have loaded the data when it launched. Once the data is expired (too old), it would need to be reloaded and the table drawn again, which it isn't going to do if no one is looking at that data.

 

5 hours ago, GT500 said:
21 hours ago, JeremyNicoll said:

@GT500 - what exactly does "Stopped" mean?    That status is not described in the help webpage about BB nor the "comprehensive" one linked from it.

It's been a while since I've had to answer that question, so let me check with QA to make sure I give you the right answer. ;)

The official answer is that it indicates that there is a rule for the process in EAM, but that the process isn't running.

Share this post


Link to post
Share on other sites
18 hours ago, JeremyNicoll said:

@GT500  -  "Stopped" - thank you.   Will the documentation get updated?

I'll double-check to make sure.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.