GEEKS: help with a wsh/vbscript: Killing a "non-kill-able" process...
david.michael
COR Version: I want to know how to kill processes that you can't normally kill, namely "vsmon.exe" and "iclient.exe" (part of ZoneAlarm) in a script.




The challenge: Our company's remote access suite for VPNing in to our corporate network consists of four programs: iPass, Contivity VPN Client, Nortel Networks Tunnelguard, and ZoneLabs Integrity Client. These programs are required for remote access, but not everyday use. When installed (standard on our current image), all four items load at startup, eating up valuable system resources. The boot times are increased dramatically. So I am attempting to write a script which I will include on our image which will Stop and Start the programs when run, to negate the need for auto startup.

The problem: Two of the tasks, namely "vsmon.exe" and "iclient.exe" (which start when ZoneLabs Integrity Client is opened) refuse to be terminated. The only way I can get rid of them is by physically right clicking on the system tray and telling the program to close, which doesn't work too well for scripting I don't think. But I have been unsuccessful in my attempts to automate closing them.

I cannot even close these tasks in the Task Manager. It returns a dialog box: "The operation could not be completed. Access is denied." Whether the related Service ("TrueVector Internet Monitor") is started or not seems to make little difference.


I have made the following command line attempts:

tskill vsmon
- End Process failed for vsmon:Access is denied.

pskill vsmon <==== a program by SysInternals
- Unable to kill process vsmon:
- Access is denied.

taskkill -IM vsmon.exe
- ERROR: The process "vsmon.exe" with PID 2424 could not be terminated.
- Reason: This process can only be terminated forcefully (with /F option).

taskkill -IM vsmon.exe /F
- ERROR: "The process "vsmon.exe" with PID 2424 could not be terminated.
- Reason: Access is denied.

NET STOP vsmon
- The requested pause or stop is not valid for this service.
- More help is available by typing NET HELPMSG 2191.


I have tried using the "at" command to use the task scheduler to complete the app, since this causes it to be run by the SYSTEM account (ex: at 8:23 /interactive taskkill vsmon.exe) but it does not happen. I also tried having the "at" command open the task manager and manually closing it. Still access denied.


I have tried using SendKeys to simulate the necessary keystrokes to close the app:

code:
set wshell = CreateObject("WScript.Shell")

' "Re-open" Integrity Client so that its window will appear.
' This will start Integrity Client if it was not already running.
wshell.Exec "C:\Program Files\Zone Labs\Integrity Client\iclient.exe"
WScript.Sleep 1500 ' Gives it some time to load

' Ensures that Integrity Client is the active window
Do Until Success = True
    Success = wshell.AppActivate("Zone Labs Integrity Flex")
    wscript.Sleep 1000
Loop

wscript.Sleep 5000

' Right now I'm just trying to get the menu to pop up
wshell.SendKeys "%{ }"
'wshell.SendKeys "%s"
'wshell.SendKeys "%s"
'wshell.Sendkeys "{ENTER}"

set wshell = nothing


But that does not work. It's like the application completely ignores the keystrokes. Which I don't understand, since it should be the same thing as me hitting the keys manually (which DOES work). If I change the script to work with Notepad, it works like a champ. Just not with this app.

Can anyone help me with finding a way to automate closing this app? I've been working on this for a few days, but I'm a scripting n00b so perhaps I'm overlooking something. THANKS!
EXTREMUM
http://www.tranceaddict.com/forums/...p?s=&forumid=95
Bidor
uninstall zonealarm and try again.
david.michael
quote:
Originally posted by EXTREMUM
http://www.tranceaddict.com/forums/...p?s=&forumid=95


Not completely related to "Technology and Gadgets", and the COR is busier. :P
jdat
bat file with
kill -f iclient.exe


may have to duplicate the entry for vsmon.exe



there's also the vsmon -unload route which might work as a first step to killing the process through a script


you don't need any silly vbscripting. This is a bat job
AnomalyConcept
Not sure about killing the processes, but many of those sound like they're installed as services. Check the services list: start > run > services.msc

You could always set those to 'manual' startup, which means they will be started when required, but it won't automatically stop.

If they are services, you can always have a script to manipulate them via net start/stop [service installed name].
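
Added example, not part of any post in this thread: a read-only WSH/VBScript query that lists which installed services host the two processes named in the original post, their startup mode, and whether each accepts a stop request, the condition behind the NET STOP error quoted there. It uses the standard WMI Win32_Service class; matching on the executable name in PathName is an assumption about how these services are registered.

```vbscript
' Added example: read-only WMI query, changes nothing on the system.
' Run with: cscript //nologo svccheck.vbs   (file name is arbitrary)
Option Explicit

Dim wmi, svc, exeName, found, targets

' Process names taken from the original post.
targets = Array("vsmon.exe", "iclient.exe")

Set wmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")

For Each exeName In targets
    found = False
    ' PathName holds the service command line; match on the executable name
    ' (assumption: the service is registered with this binary in its path).
    For Each svc In wmi.ExecQuery( _
        "SELECT Name, DisplayName, State, StartMode, AcceptStop, ProcessId " & _
        "FROM Win32_Service WHERE PathName LIKE '%" & exeName & "%'")
        found = True
        WScript.Echo exeName & " -> service """ & svc.Name & """ (" & svc.DisplayName & ")"
        WScript.Echo "  State      : " & svc.State
        WScript.Echo "  StartMode  : " & svc.StartMode   ' Auto, Manual or Disabled
        WScript.Echo "  ProcessId  : " & svc.ProcessId
        WScript.Echo "  AcceptStop : " & svc.AcceptStop
        If Not svc.AcceptStop Then
            ' A service that does not accept the stop control cannot be
            ' stopped with NET STOP while it is running.
            WScript.Echo "  NET STOP will be refused for this service while it runs."
        End If
    Next
    If Not found Then
        ' An ordinary process (for example a tray application) is not listed
        ' in Win32_Service and is not managed with NET START / NET STOP.
        WScript.Echo exeName & " -> no service registered with this executable"
    End If
Next
```
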
jdat
quote:
Originally posted by AnomalyConcept
Not sure about killing the processes, but many of those sound like they're installed as services. Check the services list: start > run > services.msc

You could always set those to 'manual' startup, which means they will be started when required, but it won't automatically stop.

If they are services, you can always have a script to manipulate them via net start/stop [service installed name].


+1 on checking the service startup rules etc
david.michael
You guys are not reading my original post.

quote:
I have made the following command line attempts:

tskill vsmon
- End Process failed for vsmon:Access is denied.

pskill vsmon <==== a program by SysInternals
- Unable to kill process vsmon:
- Access is denied.

taskkill -IM vsmon.exe
- ERROR: The process "vsmon.exe" with PID 2424 could not be terminated.
- Reason: This process can only be terminated forcefully (with /F option).

taskkill -IM vsmon.exe /F
- ERROR: "The process "vsmon.exe" with PID 2424 could not be terminated.
- Reason: Access is denied.

NET STOP vsmon
- The requested pause or stop is not valid for this service.
- More help is available by typing NET HELPMSG 2191.
david.michael
quote:
Originally posted by AnomalyConcept
Not sure about killing the processes, but many of those sound like they're installed as services. Check the services list: start > run > services.msc

You could always set those to 'manual' startup, which means they will be started when required, but it won't automatically stop.

If they are services, you can always have a script to manipulate them via net start/stop [service installed name].


Like I said

quote:
I cannot even close these tasks in the Task Manager. It returns a dialog box: "The operation could not be completed. Access is denied." Whether the related Service ("TrueVector Internet Monitor") is started or not seems to make little difference.
jdat
quote:
Originally posted by david.michael
You guys are not reading my original post.




did you read up on using vsmon -unload ;)

david.michael
quote:
Originally posted by jdat
did you read up on using vsmon -unload ;)


The only thing it does when I run that command is open an additional instance of vsmon.exe, and then closes it almost immediately.

Where do you suggest I read up on it? Google presents few results, unfortunately.
nec
You should remove it in safe mode.

Or shut down Explorer and other applications that this program might infect (hook), and then kill it.