Welcome Guest.   Make a donation to an author on the site July 24, 2014, 01:29:10 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Free DonationCoder.com Member Kit: Submit Request.
   
   Forum Home   Thread Marks Chat! Downloads Search Login Register  
Pages: [1]   Go Down
  Reply  |  New Topic  |  Print  
Author Topic: Firefox: Why is svchost.exe and sqlite at war?  (Read 3584 times)
Curt
Supporting Member
**
Posts: 6,306

see users location on a map View Profile Give some DonationCredits to this forum member
« on: April 09, 2011, 09:42:13 PM »

I had a look inside my Outpost Security Suite Pro 7.1's log,
and realized that a war is going on!     ohmy

Page up and down the Event Viewer has this one incident every few seconds:

Quote from: Application Guard
svchost.exe
   Access to protected application data is blocked   
C:\Users\Curt\AppData\Roaming\Mozilla\Firefox\Profiles\dxhgv8j7.default\signons.sqlite

-meaning svchost.exe is blocked by Outpost from reaching this signons.sqlite (in Firefox 3.6).

What is that war about? 
Logged
worstje
Honorary Member
**
Posts: 555



The Gent with the White Hat

View Profile Give some DonationCredits to this forum member
« Reply #1 on: April 09, 2011, 09:53:40 PM »

Does it list a process number for the scvhost.exe? If it does, you can use Process Explorer to try and figure out what services it hosts, and thus which service tries to access the file.
Logged
mahesh2k
Supporting Member
**
Posts: 1,406



see users location on a map View Profile WWW Give some DonationCredits to this forum member
« Reply #2 on: April 10, 2011, 01:31:01 AM »

Spoolsv is taking more resources on my computer and making my firefox unstable. If i click on any webpage link then it opens firefox download cue window and shows the progress of page downloading on disk. I don't know what is wrong with ff or windows. Also i noticed that  svchost/spoolsv taking control of firefox's resources and making scrolling hard and in turn giving results like font increase or decrease when scroller is used.
Logged
Curt
Supporting Member
**
Posts: 6,306

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #3 on: April 10, 2011, 04:53:13 AM »

-
Does it list a process number for the scvhost.exe?

-no, PIDs are not listed. (I think I will ask Agnitum to do this.)

--------
mahesh2k, I hope you will figure out what your problem with Firefox is about, so you don't have to use Revo Uninstalller (or similar) to remove ALL of Firefox - but it might be necessary.
Logged
sajman99
Supporting Member
**
Posts: 663


View Profile Give some DonationCredits to this forum member
« Reply #4 on: April 11, 2011, 12:58:58 PM »

This war seems like it's good for absolutely nothing. Wink

btw this same issue was discussed in the Outpost forum. See post #4 where it mentions svchost is blocked from reaching sqlite in the Firefox profile.
Logged
Curt
Supporting Member
**
Posts: 6,306

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #5 on: April 11, 2011, 02:23:46 PM »

... in the Outpost forum. See post #4

hmm... my Firefox 3.6 is unable to reach the site at all. Opera had no problems opening the page.

Thanks a lot for this link, sajman99  thumbs up
It is clear that I am not the only one having problems with signons.sqlite. But it is a little strange to me that there have been no follow-up for almost a year - the problem has not been solved.

I wrote Agnitum and suggested they make Application Guard also tell the PID number for blocked programs. But as one of the poster said, if we want to know the answer to the problem, we should contact Mozilla and Microsoft. As if I would expect them to ever answer! Maybe there is a better chance to get an answer, if I ask the company behind sqlite? I have not yet any idea who that is.
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #6 on: April 11, 2011, 02:24:53 PM »

So, Outpost has buggy software, but MS+Mozilla are to blame? Cool
Logged

- carpe noctem
Curt
Supporting Member
**
Posts: 6,306

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #7 on: April 11, 2011, 04:43:07 PM »

-you may dislike Agnitum as much as you may want to, but no one except you has called it a bug.
Logged
sajman99
Supporting Member
**
Posts: 663


View Profile Give some DonationCredits to this forum member
« Reply #8 on: April 11, 2011, 04:59:52 PM »

...my Firefox 3.6 is unable to reach the site at all. Opera had no problems opening the page...

Interesting...so does that happen a lot with Firefox 3.6? Do you also find it unstable, or at least noticeably unresponsive at times? Any problems with the Password Manager that you know of?

I'm just curious (and likely clueless) what's going on here. undecided
Logged
Curt
Supporting Member
**
Posts: 6,306

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #9 on: April 11, 2011, 06:31:27 PM »

I have had a lot of problems with Firefox 3.5 and 3.6 hesitating to open pages. Normally it goes to the pages okay, but when it comes to actually opening the page, something is not happening, and I need to mark the address and hit Enter again. This is especially true when a lot of flashy things are on the page, but I am not sure it is a security related thing. It also happens on a site that is added to trusted in Outpost. (Why can't I black- or white- list sites in Firefox, like in IE ?)

I have not had any problems with the password manager.
Logged
Curt
Supporting Member
**
Posts: 6,306

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #10 on: April 12, 2011, 09:23:55 AM »

Quote
Thank you for your message.

We will take your suggestions into consideration, thank you for sharing them with us.

SVCHOST.EXE scans all files from time to time. Application Guard silently prevents
attempts to access the protected files. This situation is normal.

--
All the best,
Polina Komarova
Agnitum Support
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #11 on: April 12, 2011, 09:41:24 AM »

That's almost a non-reply, Curt.

SVCHOST.EXE is the process (or rather, a whole bunch of processes) hosting Windows services. Each process can run any number of services... like, a background backup task. Having your background backup task blocked from trying to backup your firefox profile sounds like a pretty bad thing to me.

Granted, you probably don't want malware getting access to your saved passwords - but (assuming Mozilla are doing things properly and you're protecting with a reasonably strong master key), access to the sqlite database won't give malware access to the passwords.
Logged

- carpe noctem
Curt
Supporting Member
**
Posts: 6,306

see users location on a map View Profile Give some DonationCredits to this forum member
« Reply #12 on: April 12, 2011, 11:27:35 AM »

-you're of course right, f0dder. But I now see hat Mozilla is one of the companies behind sqlite, so they have been aware of this situation all of the way, and didn't care to change it - so what can one man do in this situation, other than eat it.
Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #13 on: April 12, 2011, 11:40:56 AM »

But I now see hat Mozilla is one of the companies behind sqlite
It is? I thought it was run pretty much by a single guy smiley

so they have been aware of this situation all of the way, and didn't care to change it
If it isn't a problem in their software, what are they supposed to do about it?

To me it sounds like output might be doing something it shouldn't be doing - but at the same time, I'd try and figure out which service from svchost.exe is trying to access the password database. If it's something backup related, fine, otherwise you might want to do a thorough check for malware.
Logged

- carpe noctem
sajman99
Supporting Member
**
Posts: 663


View Profile Give some DonationCredits to this forum member
« Reply #14 on: April 12, 2011, 12:33:45 PM »

...I'd try and figure out which service from svchost.exe is trying to access the password database....

Cryptographic Services?  undecided tellme

Quote
Cryptographic Services: Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
« Last Edit: April 12, 2011, 12:35:34 PM by sajman99 » Logged
f0dder
Charter Honorary Member
***
Posts: 8,774



[Well, THAT escalated quickly!]

see users location on a map View Profile WWW Read user's biography. Give some DonationCredits to this forum member
« Reply #15 on: April 12, 2011, 12:43:52 PM »

sajman99: I doubt that would access the firefox SQLite database files smiley
Logged

- carpe noctem
sajman99
Supporting Member
**
Posts: 663


View Profile Give some DonationCredits to this forum member
« Reply #16 on: April 12, 2011, 01:01:22 PM »

Oh, okay--I took a shot. Wink Thought it might be some key service/certificate issue.
Logged
Pages: [1]   Go Up
  Reply  |  New Topic  |  Print  
 
Jump to:  
   Forum Home   Thread Marks Chat! Downloads Search Login Register  

DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.036s | Server load: 0.22 ]