For details on cookie usage on our site, read our Privacy Policy
GlobalProtect app - How to stop PanGPS from opening PanGPA constantly?
- LIVEcommunity
- Discussions
- General Topics
- GlobalProtect app - How to stop PanGPS from opening PanGPA constantly?
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
GlobalProtect app - How to stop PanGPS from opening PanGPA constantly?
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-25-2018 05:52 AM
So we are trying to prevent the Palo Alto agent from opening at startup.
I believe I fixed that initially by removing its entry from"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".
However there's a service running, "PANGps" ("C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe") that appears to continue re-lauching the process "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe" eevery time PanGPA.exe is closed, until PanGPS.exe is closed.
Is PanGPS a service required to be running?
Is there a way to prevent PanGPS from continuing to re-launch PanGPA.exe?
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-25-2018 06:27 AM
The PanGPS service needs to be running for GlobalProtect to function. You can change the service to 'Manual' and GlobalProtect will launch start the service. However, I don't recall ever seeing an instance where the service launced the executable; what version of the agent are you running?
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-25-2018 08:46 AM
It's 4.1.2 version.
And I ran Process Monitor and watched the service keep launching the executable.
| Time of Day | Process Name | PID | Operation | Path |
| 32:57.2 | PanGPS.exe | 5748 | Process Create | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe |
Then if I run "taskkill /im PanGPA.exe /f"
a second later PanGPS.exe runs the PanGPA.exe again.
Here is a video of this happening: https://youtu.be/9fkbyZZug_k
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-25-2018 09:27 AM
When I terminate both PanGPS and PanGPA, this is the process that goes on before they both start back up.
I also have the Service disabled this entire transaction.
I found the "HKLM\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPS\RestartPanGPA" one particularly interesting.
| Time of Day | Process Name | PID | Operation | Path | Result | Detail |
| 25:33.0 | PanGPS.exe | 15796 | QueryDirectory | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Filter: PanGPS.log, 1: PanGPS.log |
| 25:33.0 | PanGPS.exe | 15796 | CreateFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Opened |
| 25:33.0 | PanGPS.exe | 15796 | QueryStandardInformationFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | AllocationSize: 434,176, EndOfFile: 430,591, NumberOfLinks: 1, DeletePending: False, Directory: False |
| 25:33.0 | PanGPS.exe | 15796 | QueryStandardInformationFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | AllocationSize: 434,176, EndOfFile: 430,591, NumberOfLinks: 1, DeletePending: False, Directory: False |
| 25:33.0 | PanGPS.exe | 15796 | WriteFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Offset: 430,591, Length: 435, Priority: Normal |
| 25:33.0 | PanGPS.exe | 15796 | QueryBasicInformationFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | CreationTime: 10/25/2018 8:12:34 AM, LastAccessTime: 10/25/2018 8:12:34 AM, LastWriteTime: 10/25/2018 11:22:10 AM, ChangeTime: 10/25/2018 11:22:10 AM, FileAttributes: A |
| 25:33.0 | PanGPS.exe | 15796 | ReadFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Offset: 0, Length: 64 |
| 25:33.0 | PanGPS.exe | 15796 | ReadFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Offset: 0, Length: 7 |
| 25:33.0 | PanGPS.exe | 15796 | CloseFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | |
| 25:37.1 | PanGPS.exe | 15796 | RegOpenKey | HKLM\Software\Palo Alto Networks\GlobalProtect\PanGPS | SUCCESS | Desired Access: Read |
| 25:37.1 | PanGPS.exe | 15796 | RegQueryValue | HKLM\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPS\RestartPanGPA | NAME NOT FOUND | Length: 16 |
| 25:37.1 | PanGPS.exe | 15796 | RegCloseKey | HKLM\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPS | SUCCESS | |
| 25:37.3 | PanGPA.exe | 8516 | RegSetValue | HKCU\Software\Palo Alto Networks\GlobalProtect\PanMSAgent\PanGPS | SUCCESS | Type: REG_DWORD, Length: 4, Data: 5 |
| 25:37.3 | PanGPA.exe | 8516 | RegQueryValue | HKCU\Software\Palo Alto Networks\GlobalProtect\PanMSAgent\PanGPS | SUCCESS | Type: REG_DWORD, Length: 4, Data: 5 |
| 25:38.0 | PanGPS.exe | 15796 | QueryDirectory | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Filter: PanGPS.log, 1: PanGPS.log |
| 25:38.0 | PanGPS.exe | 15796 | CreateFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Desired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Opened |
| 25:38.0 | PanGPS.exe | 15796 | QueryStandardInformationFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | AllocationSize: 434,176, EndOfFile: 431,026, NumberOfLinks: 1, DeletePending: False, Directory: False |
| 25:38.0 | PanGPS.exe | 15796 | QueryStandardInformationFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | AllocationSize: 434,176, EndOfFile: 431,026, NumberOfLinks: 1, DeletePending: False, Directory: False |
| 25:38.0 | PanGPS.exe | 15796 | WriteFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Offset: 431,026, Length: 862, Priority: Normal |
| 25:38.0 | PanGPS.exe | 15796 | QueryBasicInformationFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | CreationTime: 10/25/2018 8:12:34 AM, LastAccessTime: 10/25/2018 8:12:34 AM, LastWriteTime: 10/25/2018 11:25:33 AM, ChangeTime: 10/25/2018 11:25:33 AM, FileAttributes: A |
| 25:38.0 | PanGPS.exe | 15796 | ReadFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Offset: 0, Length: 64 |
| 25:38.0 | PanGPS.exe | 15796 | ReadFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS | Offset: 0, Length: 7 |
| 25:38.0 | PanGPS.exe | 15796 | CloseFile | C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.log | SUCCESS |
- Mark as New
- Subscribe to RSS Feed
- Permalink
10-25-2018 10:25 AM
I renamed the REG_Binary "FailureActions" to "FailureActions_old" at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PanGPS.
Thereafter the process is not restarted every 60 secods by services.exe any longer
So That key is telling the service to restart, even though under PanGPS service's Recovery tab options I have it set to "Take no action" for all 3 failure options, AND I had the service disabled as well.
- SAML authentication - How to avoud the "Open GlobalProtect ..." popup ? in GlobalProtect Discussions
- GlobalProtect MSI opens Microsoft Store? in GlobalProtect Discussions
- GlobalProtect stops responding in GlobalProtect Discussions
- Not able to open Globalprotect from window and cannot able to connect VPN. in GlobalProtect Discussions
- Globalprotect Connection two Browser Tabs in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
