Sysinternals Homepage
Forum Home Forum Home > Sysinternals Utilities > Process Explorer
  New Posts New Posts RSS Feed - Process Explorer and Internet Access
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Process Explorer and Internet Access

 Post Reply Post Reply Page  12>
Author
Message
PaulR View Drop Down
Newbie
Newbie


Joined: 26 September 2006
Location: United Kingdom
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote PaulR Quote  Post ReplyReply Direct Link To This Post Topic: Process Explorer and Internet Access
    Posted: 26 September 2006 at 11:02am
I downloaded Process Explorer yesterday. My Security Software McAfee requested me to grant Process Explorer access to the internet. Can anyone let me know why Process Explorer should require access.
Thanks for you help.
PaulR
Back to Top
namrehto View Drop Down
Senior Member
Senior Member


Joined: 23 June 2005
Location: Scotland
Status: Offline
Points: 3876
Post Options Post Options   Thanks (0) Thanks(0)   Quote namrehto Quote  Post ReplyReply Direct Link To This Post Posted: 26 September 2006 at 11:51am
It needs to do so to verify signatures, unless you disable that option. FWIW, in general PE starts up a good deal faster if that option is disabled.

You may also find that when you open the help file a connection is made to the outside world.
Gil
Back to Top
PaulR View Drop Down
Newbie
Newbie


Joined: 26 September 2006
Location: United Kingdom
Status: Offline
Points: 2
Post Options Post Options   Thanks (0) Thanks(0)   Quote PaulR Quote  Post ReplyReply Direct Link To This Post Posted: 27 October 2006 at 5:43pm
Hi Namrehto
Thanks for the reply and explanation.
Regards,
Paul
PaulR
Back to Top
BasC View Drop Down
Newbie
Newbie
Avatar

Joined: 18 July 2008
Location: United Kingdom
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote BasC Quote  Post ReplyReply Direct Link To This Post Posted: 18 July 2008 at 1:36pm
There is a problem with this feature.
 
I have found that if this option is enabled, and the internet access is blocked by security software, then my computer locks up (or at least runs impossibly slowly with Process Explorer taking all the resources.) A hard reboot has generally been the only escape.
 
I would classify this as a bug, since the program should be capable of running without internet access without disabling the computer, whether or not the signature verification option is checked.
Bas C
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17516
Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 July 2008 at 1:43pm
Hi BasC,
 
Quote (or at least runs impossibly slowly with Process Explorer taking all the resources.)
How did you determine this?
 
What version of Process Explorer are you using?
 
(I have no problem running Process Explorer without an internet connection...)
Daily affirmation:
net helpmsg 4006
Back to Top
BasC View Drop Down
Newbie
Newbie
Avatar

Joined: 18 July 2008
Location: United Kingdom
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote BasC Quote  Post ReplyReply Direct Link To This Post Posted: 18 July 2008 at 2:18pm
I am running version 11.02
 
Process explorer was the only app running at the times this occurred. It showed 100% cpu usage in the icon field. I suppose I should have said that something was hogging all the system resources.
 
The system speed, or lack of, was quite apparent. Clicking on the start button would produce a response about a minute later. Shut down could be initiated but it was never clear it was going anywhere.
 
Needless to say Ctrl-Alt-Del didn't work, probably because Process Explorer has been set to replace Task Manager. (Perhaps this sort of thing is why Microsoft, in their infinite wisdom, chose not to replace Task Manager with PE.)
 
I've had a look in the app Event Log and I found literally hundreds of these, which seem to coincide with when I believe the problem last occurred:
 
Event Type: Information
Event Source: HHCTRL
Event Category: None
Event ID: 1904
Date:  18/07/2008
Time:  14:27:33
User:  N/A
Computer: FROG
Description:
The description for Event ID ( 1904 ) in Source ( HHCTRL ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: http://technet.microsoft.com/en-us/sysinternals/default.aspx, http://go.microsoft.com/fwlink?LinkID=45840.
It's gobbledygook to me, but does this shed any light on the problem?
 
Bas C
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17516
Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 July 2008 at 2:26pm
It looks like the event stems from this security update:
 
Were you browsing a .CHM file at the time?  Not sure what else would cause the events to be logged.
 
Quote I am running version 11.02
Please note that the current version is 11.20.
 
Quote It showed 100% cpu usage in the icon field.
I suppose you couldn't determine what process was responsible for it.
 
Wonder if you could decrease the priority of Process Explorer (using PE itself, or the "/p" command-line switch), and see if that let you check what was consuming CPU.  Alternatively, you could launch one instance of PE with its usual (high) priority, and another with a reduced priority, and use the high priority PE to see what's going on.
 
Any suggestions on how to reproduce the behavior you report?
Daily affirmation:
net helpmsg 4006
Back to Top
BasC View Drop Down
Newbie
Newbie
Avatar

Joined: 18 July 2008
Location: United Kingdom
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote BasC Quote  Post ReplyReply Direct Link To This Post Posted: 18 July 2008 at 4:31pm
Thanks. I will update my program.
 
With regard to reproducing the problem:
 
Set Process Explorer to run at Startup with signature verification enabled, and to run in place of Task Manager.
 
Set the firewall so that it asks whether or not to allow Process Explorer to access the internet.
 
Restart the computer.
 
When PE asks to be allowed to access the signature authentication website, click "Deny".
 
This causes my computer to lock up. It has happened often enough and consistently enough for me to know that the act of denying internet access to PE is the cause of the lockup.
 
You asked what I was doing at the time. The answer is nothing, apart from what I said above. However I am lothe deliberately to reproduce the event now that I have found out how to prevent it. Hard rebooting a running computer is not something I like having to do... as there is always the possibility of corrupting the disk. I just thought that I would report what happened so others can avoid it or investigate further.
 
Some more points of possible relevance: my PE installation is set to allow only one instance and my AV/Firewall program is Steganos IS 2008 (which is a variant of AVG7) - fully up to date. My OS is Windows XP SP2.
Bas C
Back to Top
molotov View Drop Down
Moderator Group
Moderator Group
Avatar

Joined: 04 October 2006
Status: Offline
Points: 17516
Post Options Post Options   Thanks (0) Thanks(0)   Quote molotov Quote  Post ReplyReply Direct Link To This Post Posted: 18 July 2008 at 5:00pm
Quote This causes my computer to lock up. It has happened often enough and consistently enough for me to know that the act of denying internet access to PE is the cause of the lockup.
How long did you wait?
 
Quote When PE asks to be allowed to access the signature authentication website, click "Deny".
PE doesn't ask, the firewall asks - correct?
 
By configuring PE to "Verify Image Signatures" and replace Task Manager, upon restarting the system I am unable to reproduce what you report on a system with no network connection.
 
Might the firewall be injecting code into Procexp.exe's address space, and causing the CPU activity?
Daily affirmation:
net helpmsg 4006
Back to Top
BasC View Drop Down
Newbie
Newbie
Avatar

Joined: 18 July 2008
Location: United Kingdom
Status: Offline
Points: 6
Post Options Post Options   Thanks (0) Thanks(0)   Quote BasC Quote  Post ReplyReply Direct Link To This Post Posted: 18 July 2008 at 5:32pm
Quote How long did you wait?
 
Several minutes - long enough.
 
Quote PE doesn't ask, the firewall asks - correct?
 
Yes, that is technically correct. The message in the firewall popup phrases it as though the app is asking.
 
Quote Might the firewall be injecting code into Procexp.exe's address space, and causing the CPU activity?
 
Yes. I would suspect that it has something to do with the firewall. I am sure that it is the fact that it is being blocked, rather than that there is no connection that is causing the problem. I am not sure how firewalls block internet access from the inside. However PE is one of those programs with enough privileges to 'know' when a connection exists and when it is being blocked. Blocking other programs does not generally cause problems.
 
Still, it is reassuring to know that PE runs happily without an active internet connection.
 
I have now installed v11.20.
Bas C
Back to Top
 Post Reply Post Reply Page  12>
  Share Topic   

Forum Jump Forum Permissions View Drop Down