TUCoPS :: Windows :: c07-2308.htm

Windows logoff bug solution possibly.
Windows logoff bug solution possibly.
Windows logoff bug solution possibly.


I have posted previously about a bug that seems to cause applications to 
continue to run when a user logs off and when another users logs on, 
he/she may be able to access the programs that continued to run after 
the logoff,  for example:

1. Log on as Administrator
2. Do some stuff
3. Log off, but some programs continue to run
4. Log on as a regular user, programs running from 1,2 may appear and 
user may be able to access stuff with Administrator privileges.

I now think that ZoneAlarm may have some to play on this.  I still think 
different logons should use different session IDs though.

During logoff today, ZoneAlarm asked me if I wanted to allow Client 
Server Runtime Process to terminate a process.  I clicked yes.  This is 
the first time I have seen this, and so I though that it might be why 
the programs are not terminating at logoff.  If the OS Firewall level 
for csrss.exe is set to ask but it can not ask, it will be denied.  I 
looked though some previous log files from ZoneAlarm and found some 
entries with csrss.exe.  The action was to terminate a process and it 
was blocked.  This is just a few from the list.

OSFW,2007/02/09,06:16:12 -5:00 GMT,BLOCKED,Client Server Runtime 
Process,C:\WINDOWS\system32\csrss.exe,PROCESS,TERMINATEPROCESS,DST,C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
OSFW,2007/02/09,06:16:12 -5:00 GMT,BLOCKED,Client Server Runtime 
Process,C:\WINDOWS\system32\csrss.exe,PROCESS,TERMINATEPROCESS,DST,C:\Program 
Files\TortoiseSVN\bin\TSVNCache.exe
OSFW,2007/02/09,06:16:16 -5:00 GMT,BLOCKED,Client Server Runtime 
Process,C:\WINDOWS\system32\csrss.exe,PROCESS,TERMINATEPROCESS,DST,C:\Program 
Files\EssentialPIM Pro\EssentialPIM.exe
OSFW,2007/02/09,06:16:20 -5:00 GMT,BLOCKED,Client Server Runtime 
Process,C:\WINDOWS\system32\csrss.exe,PROCESS,TERMINATEPROCESS,DST,C:\Program 
Files\GetRight\getright.exe


The list of processes is the same processes that show up as still 
running from the previous logon when I check task manager.  Setting the 
OS Firewall level to 'Super' for Client Server Runtime Process may fix 
the logoff problem that I have been discussing.  I also think ZoneLabs 
should make it a 'System,Custom' item instead of 'Auto,Custom', so the 
user will be warned of any changes.

RC

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH