Results 1 to 8 of 8
  1. #1
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    TrueImage - Sygate Alert

    I have, within the past couple of weeks, upgraded to TrueImage 8.0 Build 763 and Sygate Personal Firewall 5.5 Build 2710 on this XP Pro machine, STILL running SP-1

    Yesterday during my weekly imaging of the three drives in this machine, a warning message popped up from SPF concerning an attempted "application hijacking." Here is the comment text from that message taken from the SPF security log:

    "Application Hijacking has been detected
    The application: C:Program FilesCommon FilesAcronisSchedule2schedul2.exe
    try to launch another application: C:Program FilesAcronisTrueImageTrueImageService.exe"


    As you can see from the text, it doesn't say whether the "hijacking" was stopped. There is also other information in the security log, like remote host 0.0.0.0 and remote MAC FF-FF-FF-FF-FF-FF, which tells me nothing. I've sent an email to Acronis first and, depending on what I hear from them, will decide if I should write to Sygate as well. I asked Acronis to tell me what the purpose of this launching might be. I just wanted to point it out here in case one of you see this happen (or already knows the answer).

  2. #2
    3 Star Lounger
    Join Date
    Jun 2001
    Location
    Lewiston, Maine, USA
    Posts
    293
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: TrueImage - Sygate Alert

    Hi Al,
    I don't run SPF but do have TrueImage 7.0. I'm running WinME and noticed two additional programs running in the background: Schedhlp and Trueimagemonitor. I emailed support and asked if they both needed to be running, their reply was yes, they both needed to be running for Trueimage to 'do' it's thing.
    Why I mention this is that trueimage most likely starts schedul2.exe and that in turn starts Trueimageservice.exe which probably triggers the 'hijack' (a second or third program starting another) report on SPF. A hijack attempt I don't think it is, so is there a placed in SPF to define 'excepts'?
    If I'm all wet, then I apologize - else have a good day.
    Bob

  3. #3
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: TrueImage - Sygate Alert

    Al,
    I don't have a definitive answer for you but I did notice that those two Acronis files showed up in my Startup Manager after I installed Acronis 8. I disabled them in System Mechanic without any noticeable effect or problem. Just what they are for, I don't know. Check your startup progs with System Mechanic or msconfig and see if they are there. If so, disable them and wait for the other shoe to drop. I didn't hear any.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: TrueImage - Sygate Alert

    > remote host 0.0.0.0 and remote MAC FF-FF-FF-FF-FF-FF

    I think this is placeholder "blank" data. From the type of alert, no other computer would have been involved.

  5. #5
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: TrueImage - Sygate Alert

    I just received this email and I'm not quite sure what to make of it, since this seems to say that TI won't work without. (The bold is from me)
    <hr>Please accept our apologies for the delay with the response.
    Thank you for using Acronis True Image (http://www.acronis.com/products/trueimage/).

    schedul2.exe -- Acronis scheduling service.
    This service is started on the computer startup and remains active until the computer is turned off. It is used by Acronis software to start scheduled tasks. Note that Acronis True Image 8.0 always schedules image creation tasks, even if you start the "Image creation" operation. Thus if you stop Acronis scheduling service, then you loose the ability to create images in Windows.

    TrueImageService.exe is the main Acronis True Image service which is necessary for the program to run.

    Thus, when starting creating an image, Acronis True Image refers to the schedul2.exe service which calls for the TrueImageService.exe service to initiate an image creation. There's nothing harmful in that because that's how the program works. We recommend that you add these two programs to the SPF "permissions" list.

    We are always at your service should you have any further questions.

    Thank you.
    -- Best regards, Sergey V. Sergeev <hr>

  6. #6
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: TrueImage - Sygate Alert

    I can't make anything of it either, Al.
    Maybe it's ONLY for scheduled tasks for Imaging to work? I know you DO scheduled Imaging, so perhaps you need to keep it active. I only Image the drives when I feel that I've made some significant changes or additions or about once a month when the spirit moves me.

    Have you tried it with them temp disabled? Curious.
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  7. #7
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: TrueImage - Sygate Alert

    Let me compare what Outpost Firewall Pro does. When I run a program that it has previously "registered," and any program files have changed, I get an alert and can review a list of the changed components. This often happens after program updates. I check the list and OK it, and that's it. This function (which Outpost calls "component control") is separate from the question of what the affected program might be permitted to do on the Internet. No programs are completely trusted for all purposes; nearly all have a set of rules that they follow (usually default rules for web browser-type programs), and those can be changed independently of the component registration.

    Does that jibe at all with how Sygate works?

  8. #8
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: TrueImage - Sygate Alert

    I guess so, 'cause when a program has been updated or upgraded, I (sometimes) get an alert to that fact - which is GOOD. Once you OK the change, the alert doesn't come back. To Bob: no I don't really "schedule" imaging backup, I too do it manually, usually on a weekly basis. My "string around the finger" is the 1st, 8th, 15th and 22nd of each month. I've also disabled the two programs and will let you know how my next run goes. It's just strange that THEY think that their scheduler is important enough that it needs to be running continually. I'm getting ready today to do some system changes, so will be makeing a backup or two. More later...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •