Monday, February 15, 2016

Fixing Glasswire Upgrade Issue: failed to attach to service

Man on a mission!

And in this GSD post The Struggles I explained an issue I had upgrading my free version of GlassWire on my Windows 7 Ultimate system.

And no sooner had I completed that task than GlassWire wanted to update to a new version as well.

So I went though the download/install process and it seemed to go on OK, but when it opened up it could not reconnect to the Glasswire service.

When I checked the Windows Service for it again it also showed marked for deletion.

So I uninstalled Glasswire, rebooted reinstalled Glasswire but again it could not attach to the service.

I checked the service again. It was present and set to Automatic but stopped. When I clicked “start” the service launch crashed with an error I didn’t capture.

Rinse-repeat-same result.

The updated Glasswire version 1.1.36b was doing fine on the upgrade process on Lavie’s laptop and my other Win 7 x64 laptop so I’m not sure what was the issue here.

Next I found an even newer version 1.1.4.850b. Same issues.

Finally I found the original Glasswire version 1.1.32b on one of my duplicated (but not recently sync’ed) USB drives.

That installed fine. The Glasswire service started automatically, and the app reconnected with no issues. So I’m leaving it there for the moment on this system.

So last weekend I turned my attention to troubleshooting that issue.

I did a few more rounds of uninstall/reinstall but to no avail and only the version 1.1.32b would work when installed.

I poked around on the GlassWire Official Forum a while and found a few others who had similar installation and/or service attachment issues.

So from those I came up with my own game-plan.

  1. Make sure the Glasswire service GWCtlSrv.exe (and any sub-processes) wasn’t running – kill if needed.
  2. Uninstall Glasswire via “Programs and Features”
  3. Delete the “C:\ProgramData\Glasswire” folder
  4. Scan the Registry for all keys with “Glasswire”
  5. Reboot
  6. Temporarily disable any running AV/AM protections (as reasonable).
    1. MalwareBytes AntiExploit
    2. Microsoft Security Essentials
    3. CryptoPrevent
    4. MalwareBytes Anti-Malware
    5. Zemana AntiLogger
    6. Note: EMET was left running
  7. Install the latest Glasswire release build
  8. (if everything OK) – re-enable all AV/AM protections that were disabled.
  9. Reboot and confirm all is well

And I did exactly that.

For step 4 I could have scanned my registry with any number of free utilities to make the process easier;

In the end I found Registry Finder the easiest to work with for this particular task.

I did a search in it for “Glasswire” and it came back with quite a lot of related keys still left over. I first exported these then I deleted them and rebooted the system. Nothing seemed harmed so I proceeded.

For step 6.3 I ended up “restoring” my original settings by choosing the “None – Remove all protection” option of CryptoPrevent.

My thought on temporarily disabling all of these were that perhaps some protection was blocking the proper installation/registration of the Glasswire service.

I then installed the latest version of Glasswire and it went on with no issues, connected to the Glasswire service, and the graph starting working normally again.

Hurray!

I re-enabled all the protections and rebooted.

Glasswire worked normally again.

Mischief managed.

Or was it?!! For another purpose I had to go into my “Task Scheduler” and was suddenly flooded with a long series of pop-ups like this for LOTS of different tasks. Oh SNAP!

2016-02-13 22_21_32-Task Scheduler

Come back for Episode 2 – in which Task Scheduler’s “The task image is corrupt or has been tampered with.” error is assessed, understood, and vanquished!

--Claus Valca

No comments: