Page 1 of 3 123 LastLast
Results 1 to 15 of 40
  1. #1
    Star Lounger
    Join Date
    Feb 2010
    Location
    Rocky Mountains
    Posts
    63
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Angry Online Armor install causing Win7 startup errors

    Following uninstalling and cleaning up after Vipre (& backups & System Restore points), I installed trial versions of Emsisoft AM and Online Armor yesterday, fought with OA until past midnight, then shut down and disabled OA (via MS Services, available after OA shutdown), and switched to Windows firewall, whereupon all was well. Went to bed and just before falling asleep remembered an anomaly where some "garbage" characters had briefly appeared in the list of trusted programs, after which the list disappeared.

    So this morning I completely uninstalled OA plus all traces and created another System Restore point. Then I re-downloaded OA and reinstalled it, after making sure all else on my computer (Lenovo laptop with Win7Pro) was running well -- including Classic Menu, Classic Explorer, and Shell Folder Fix, etc. I accepted the default settings and watched it go through its Learning mode again for the prescribed 2 minutes. Reviewed the results, just to see, and added a few Allowed programs, keeping a more hands-off approach this time in case I was getting in the way. Also allowed OA exe files in EAM.

    Once again, I'm having problems getting those programs to run predictably and on startup (e.g., 2nd boot the Classic Menu worked, 3rd & 4th times not), even though added under Firewall as Allowed. And once again, I've encountering various system file startup WerFault.exe memory-read/write errors -- igfxtray.exe, hkcmd.exe, and igfxpers.exe, which handle things like on-screen volume control at the swipe of an LED "button," etc. on my laptop; also Logitech SetPoint & Lenovo battery mgt. Each boot adds more system file WerFault errors. And the snowball continues downhill......

    Task Manager won't run, nor will Process Explorer (Sysinternals), although Autoruns does start. The MS Mgt Console won't run, so no access to Services. Even little Notepad freezes & closes; I'm making notes on my Stickies program and on paper -- no printscreen, either. I've added various Lenovo, Logitech, & Intel exe files as Allowed. And I've turned on debug mode, figuring someone will want that info.

    I've emailed Emsisoft support, but apparently they work M-F. Am hoping Rui has some ideas; until then, I'm shutting down & then disabling OA in order to have a functional computer.

  2. #2
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    You should try and get OA in Learning mode and then boot the system like that. OA in learning mode takes notice of what programs are running and automatically authorizes them. Once you are happy with everything running, you can get OA off learning mode.

    With OA and running programs, the Programs option in the side menu is very important. This is the whitelist maintained by OA and it is independent of the firewall settings, which are related to permissions for such programs to access your network (or the internet). After learning mode, you can open this list and make sure all programs here are set as Allowed and Trusted. That should get your started without issues.

    HTH
    Rui
    -------
    R4

  3. #3
    Star Lounger
    Join Date
    Feb 2010
    Location
    Rocky Mountains
    Posts
    63
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Yeah, I forgot to mention that both last night and this afternoon I did just that -- put it into Learning mode and then rebooted -- and again -- and again. It's just not wanting to learn, I guess -- I can't figure out what's going on. Any other ideas?

    And this time around, I discovered that after shutting OA down, I still couldn't get into Services, nor could I even bring up the Start Menu without restarting Explorer each time, although I had just unchecked the OA "Launch at Next Startup" when I received notification of your response.

    And thanks, Rui, for responding -- right after I posted, even.
    Last edited by Mountain Aerie; 2014-09-27 at 19:10. Reason: Forgot to thank Rui.

  4. #4
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    Hmmm... what security programs did you use before OA, other than Vipre, that is?

    That situation is very uncommon. My first suspect would be some incompatibility with security software (or remains of such). To find out what is happening, I think the very best is to involve Emsisoft's support,by posting in their support forum (I know you said you'd rather not do it but with so many problems, it's probably the only way to find out what is going on and sort it). They can lead you through a troubleshooting procedure, that likely will involve configuring OA to create logs as it runs.
    Rui
    -------
    R4

  5. #5
    Star Lounger
    Join Date
    Feb 2010
    Location
    Rocky Mountains
    Posts
    63
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Thanks, Rui. I've been wondering about that, as well; I've been running EMET 5.0 and Malwarebytes AntiExploit Free, both of which did well with Vipre.

    OA recognized and allowed both MBAE and EMET automatically but then had the other problems. Facing facts, I find that OA's granular control and HIPS are a bit over my head -- actually, quite a bit over my head. Thus, if this can't easily be resolved, then I can accept the more automated EIS without HIPS. I'm behind a NAT router, and I do very little outside work anymore; my laptop is there only for reference, not hooked in.

    When I began looking for better security earlier this year, I decided that I wanted a multi-layered approach using more than a single vendor for active memory-resident protection, so I added EMET and took note of the fact that Emsisoft and Malwarebytes programs are not only highly rated but are said to get along well with others, being designed to do so. Thus they are key elements of that strategy. My bank has also been pushing the free Trusteer Rapport for their website, so that's another possible (optional) element, one that Vipre didn't handle well.

    The Emsisoft support page indicates either emailing or posting on the forum, so I think I'll just wait for their email reply. The time it has given me for further research, thought, and reassessment has been quite productive.

  6. #6
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I never used EMET and, for the moment, I don't think I will. The combo OA + EAM seems enough for my needs. Any robust, whitelisting HIPS would be a replacement for OA.

    This said, I believe there must be something in your setup that is causing OA to behave like that. I never had trouble running the on demand MBAE with OA, so I would look at EMET as the first possibility for conflicts.

    You being behind a router means EIS wouldn't bring much more, when compared with say, EAM + the windows firewall, other than an easier to configure firewall.
    The granular control of OA over programs is precisely the reason for me to use it. I can accept it is not a tool for everyone, but my experience is that it usually just works without need for much input, after an initial post setup phase, where it may require a bit more input from you.
    Rui
    -------
    R4

  7. #7
    Star Lounger
    Join Date
    Feb 2010
    Location
    Rocky Mountains
    Posts
    63
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Thanks for that, Rui. I'll be interested to see what Emsisoft support comes up with. I was really frustrated not being able to figure out what might be so unusual that it would stop OA in its tracks. When my laptop was new, I did my usual uninstallation or disabling of a number of the "features," and I keep a sharp eye on autoruns for stuff I don't want, so it's pretty pared down and runs smoothly.

    When I send Emsisoft whatever logs they want, they'll likely spot something.... If I can get OA through the setup phase and running well, so that only occasional adjustments are needed, then that's for the better, but I've let go of which way it might go. One of my life lessons: stubbornness, like most other things, can be taken to extremes.

  8. #8
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,624
    Thanks
    147
    Thanked 879 Times in 841 Posts
    Trusteer Rapport can be quite difficult to uninstall and has been known to cause problems for some.

    If you haven't installed it yet - then don't.

    I use HitmanPro Alert to protect my browser(s) which is also a freebie but trouble free, although I think you should resolve your current problems before adding another layer.

    Here it is for when you are ready http://www.surfright.nl/en/alert

  9. #9
    Star Lounger
    Join Date
    Feb 2010
    Location
    Rocky Mountains
    Posts
    63
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Oh, I for sure will take it one step at a time! And I mentioned Trusteer Rapport only as a possibility; if all else is working well, then I see little if any need for it.

    Just now finished a new install of OA, after stopping and disabling EMET. Same ol' thing with memory read/write errors -- this time happening *during* the Learning process following reboot. Will try putting it into Learning mode and rebooting once, but if no go, then once again will uninstall it.

  10. #10
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,624
    Thanks
    147
    Thanked 879 Times in 841 Posts
    Just wondering if it's DEP that's causing the problem and may be changing its settings could help http://windows.microsoft.com/en-gb/w...ntion-settings

  11. #11
    Star Lounger
    Join Date
    Feb 2010
    Location
    Rocky Mountains
    Posts
    63
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Thanks, Sudo15. I just now finished bringing my computer back up to speed following my 3rd clean install of OA (and now uninstall) -- this time with EMET stopped and disabled (rather than uninstalling it, although I could have done that, then reinstalled with prior settings).

    In any case, it came up with the same memory read/write errors with basic system files. In the OA install process, I enabled full debug logging right off the bat during the install, just before the reboot. Then once up, with the same system errors, I put it into Learning mode and rebooted again. Without EMET running at all, I had the same problems. Couldn't even run Notepad to paste in the contents of one Debug window -- had to use Notepad++. Copied the OA Log folder to my data folders, plus any other logging type of info., so perhaps Emsisoft can figure it out, but I really *am* done for now -- third time was not the charm.

    Thanks for your suggestion, though. Perhaps if OA does get up and running, DEP would be something to look at.

  12. #12
    Administrator
    Join Date
    Jun 2010
    Location
    Portugal
    Posts
    12,519
    Thanks
    152
    Thanked 1,398 Times in 1,221 Posts
    I have DEP turned on and it doesn't affect OA.

    Given the OA situation, I would probably wait for the contact from Emsisoft's support. I guess only the info in the logs can shed light on what may be causing this.
    Rui
    -------
    R4

  13. #13
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,624
    Thanks
    147
    Thanked 879 Times in 841 Posts
    I know it would seem to defeat the object of running OA in Learning Mode, but have you thought of doing this in a clean boot and then adding the Startup items back one by one - although you don't need any items in Startup for the system to run, but it could also be one of the non-MS services.

    Rui doesn't seem to have any problems so the conflict must lay with what else you have installed.
    Last edited by Sudo15; 2014-09-28 at 19:53.

  14. #14
    Star Lounger
    Join Date
    Feb 2010
    Location
    Rocky Mountains
    Posts
    63
    Thanks
    8
    Thanked 4 Times in 4 Posts
    Thanks, Sudo. If you're referring to the Startup folder, those I've added are few, but yes, that is one thing I could try (when I'm ready for the next sparring match). Or were you referring to unchecking added software in the Sysinternals Autoruns Logon tab? Most are device drivers and such: Lenovo, Intel, Realtek, Synaptics, SRS Labs, etc., which seem to load first, with some of those being what crash and burn.

    As for a C:\EEK folder, I've never had one, but the OA uninstall is complete with no left-over folder under either Program Files folder, nor in Roaming; I double-check manually and with a CCleaner registry scan. My free version of EAM was simply authorized with the trial code, which enabled full memory-resident AntiMalware function.

  15. #15
    Super Moderator
    Join Date
    Aug 2012
    Location
    Durham UK
    Posts
    6,624
    Thanks
    147
    Thanked 879 Times in 841 Posts
    Sorry about the EEK folder bit - thinking of Emisoft Emergency Kit which is why I edited it out hopefully before you read it.

    If you have a restore point to take you back to before you installed all of these programs, I think you should just start with installing one of them such as EMET (as that appears to be a major player) if you want to keep that, then check to see that everything is fully functional then add either OA or Emisoft, but before adding the second of those, fully uninstall the other first so as not to muddy the waters.

    This bleepingcomputer.com site is useful for determining if a Start up item is required/desirable and clicking on either of those in the grid will give an explanation of their function.

    Any not listed that you want to check out can be manually entered into the Search box. http://www.bleepingcomputer.com/startups/

Page 1 of 3 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •