cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GlobalProtect app - How to stop PanGPS from opening PanGPA constantly?

Announcements

Changes to the LIVEcommunity experience are coming soon... Here's what you need to know.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Reply
BeKindPleaseRewind
L2 Linker
‎10-25-2018 05:52 AM
‎10-25-2018 05:52 AM

GlobalProtect app - How to stop PanGPS from opening PanGPA constantly?

So we are trying to prevent the Palo Alto agent from opening at startup. 

I believe I fixed that initially by removing its entry from"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run".

However there's a service running, "PANGps" ("C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe") that appears to continue re-lauching the process "C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe" eevery time PanGPA.exe is closed, until PanGPS.exe is closed. 

 

Is PanGPS a service required to be running?

Is there a way to prevent PanGPS from continuing to re-launch PanGPA.exe? 

 

0 Likes
Reply
BPry
Cyber Elite
Cyber Elite
‎10-25-2018 06:27 AM
‎10-25-2018 06:27 AM

@BeKindPleaseRewind,

The PanGPS service needs to be running for GlobalProtect to function. You can change the service to 'Manual' and GlobalProtect will launch start the service. However, I don't recall ever seeing an instance where the service launced the executable; what version of the agent are you running? 

0 Likes
Reply
BeKindPleaseRewind
L2 Linker
‎10-25-2018 08:46 AM
‎10-25-2018 08:46 AM

It's 4.1.2 version.

 

And I ran Process Monitor and watched the service keep launching the executable.

 

Time of DayProcess NamePIDOperationPath
32:57.2PanGPS.exe5748Process CreateC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe

 

Then if I run "taskkill /im PanGPA.exe /f"

a second later PanGPS.exe runs the PanGPA.exe again. 

 

Here is a video of this happening: https://youtu.be/9fkbyZZug_k

 

 

 

 

0 Likes
Reply
BeKindPleaseRewind
L2 Linker
‎10-25-2018 09:27 AM
‎10-25-2018 09:27 AM

When I terminate both PanGPS and PanGPA, this is the process that goes on before they both start back up.

I also have the Service disabled this entire transaction.

 

I found the "HKLM\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPS\RestartPanGPA" one particularly interesting. 

 

Time of DayProcess NamePIDOperationPathResultDetail
25:33.0PanGPS.exe15796QueryDirectoryC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSFilter: PanGPS.log, 1: PanGPS.log
25:33.0PanGPS.exe15796CreateFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSDesired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Opened
25:33.0PanGPS.exe15796QueryStandardInformationFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSAllocationSize: 434,176, EndOfFile: 430,591, NumberOfLinks: 1, DeletePending: False, Directory: False
25:33.0PanGPS.exe15796QueryStandardInformationFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSAllocationSize: 434,176, EndOfFile: 430,591, NumberOfLinks: 1, DeletePending: False, Directory: False
25:33.0PanGPS.exe15796WriteFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSOffset: 430,591, Length: 435, Priority: Normal
25:33.0PanGPS.exe15796QueryBasicInformationFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSCreationTime: 10/25/2018 8:12:34 AM, LastAccessTime: 10/25/2018 8:12:34 AM, LastWriteTime: 10/25/2018 11:22:10 AM, ChangeTime: 10/25/2018 11:22:10 AM, FileAttributes: A
25:33.0PanGPS.exe15796ReadFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSOffset: 0, Length: 64
25:33.0PanGPS.exe15796ReadFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSOffset: 0, Length: 7
25:33.0PanGPS.exe15796CloseFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESS 
25:37.1PanGPS.exe15796RegOpenKeyHKLM\Software\Palo Alto Networks\GlobalProtect\PanGPSSUCCESSDesired Access: Read
25:37.1PanGPS.exe15796RegQueryValueHKLM\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPS\RestartPanGPANAME NOT FOUNDLength: 16
25:37.1PanGPS.exe15796RegCloseKeyHKLM\SOFTWARE\Palo Alto Networks\GlobalProtect\PanGPSSUCCESS 
25:37.3PanGPA.exe8516RegSetValueHKCU\Software\Palo Alto Networks\GlobalProtect\PanMSAgent\PanGPSSUCCESSType: REG_DWORD, Length: 4, Data: 5
25:37.3PanGPA.exe8516RegQueryValueHKCU\Software\Palo Alto Networks\GlobalProtect\PanMSAgent\PanGPSSUCCESSType: REG_DWORD, Length: 4, Data: 5
25:38.0PanGPS.exe15796QueryDirectoryC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSFilter: PanGPS.log, 1: PanGPS.log
25:38.0PanGPS.exe15796CreateFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSDesired Access: Generic Write, Read Attributes, Disposition: OpenIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Opened
25:38.0PanGPS.exe15796QueryStandardInformationFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSAllocationSize: 434,176, EndOfFile: 431,026, NumberOfLinks: 1, DeletePending: False, Directory: False
25:38.0PanGPS.exe15796QueryStandardInformationFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSAllocationSize: 434,176, EndOfFile: 431,026, NumberOfLinks: 1, DeletePending: False, Directory: False
25:38.0PanGPS.exe15796WriteFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSOffset: 431,026, Length: 862, Priority: Normal
25:38.0PanGPS.exe15796QueryBasicInformationFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSCreationTime: 10/25/2018 8:12:34 AM, LastAccessTime: 10/25/2018 8:12:34 AM, LastWriteTime: 10/25/2018 11:25:33 AM, ChangeTime: 10/25/2018 11:25:33 AM, FileAttributes: A
25:38.0PanGPS.exe15796ReadFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSOffset: 0, Length: 64
25:38.0PanGPS.exe15796ReadFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESSOffset: 0, Length: 7
25:38.0PanGPS.exe15796CloseFileC:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.logSUCCESS 
0 Likes
Reply
BeKindPleaseRewind
L2 Linker
‎10-25-2018 10:25 AM
‎10-25-2018 10:25 AM

I renamed the REG_Binary "FailureActions" to "FailureActions_old" at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PanGPS. 

Thereafter the process is not restarted every 60 secods by services.exe any longer 

So That key is telling the service to restart, even though under PanGPS service's Recovery tab options I have it set to "Take no action" for all 3 failure options, AND I had the service disabled as well. 

0 Likes
Reply
OtakarKlier
Cyber Elite
Cyber Elite
‎10-25-2018 11:47 AM
‎10-25-2018 11:47 AM

Hello,

I guess my question would be, why have it installed if you are just going to disable it? If you want to connect to the VPN, you will need to start those services manually.

 

Regards,

0 Likes
Reply
BeKindPleaseRewind
L2 Linker
‎10-25-2018 12:19 PM
‎10-25-2018 12:19 PM

Because if a user needs to VPN they should just be able to open the program from start or desktop when they wish to.

But instead, there's an annoying window that pops up from the system tray hiding the bottom-right side of my screen, and has h no option to close. That is abnormal as I compare to all the other system tray programs I have (currently running and past ones I've had). 

0 Likes
Reply
OtakarKlier
Cyber Elite
Cyber Elite
‎10-25-2018 12:53 PM
‎10-25-2018 12:53 PM

Hello,

While I do see your viewpoint, the Cisco Anyconnect agent bwhaves in a similar fashion.

 

Regards,

0 Likes
Reply
BeKindPleaseRewind
L2 Linker
‎10-25-2018 01:03 PM
‎10-25-2018 01:03 PM

Yeah it's this window that pops up.

As you can see there's no place to close it, can't move it or anything. 

It's a bit obnoxious. 

That's good to know about Cisco -- but two wrong's don't make a right. 

 

GlobalProtect-Window-annoyance.png

0 Likes
Reply
BeKindPleaseRewind
L2 Linker
‎10-25-2018 06:26 PM
‎10-25-2018 06:26 PM

Also, it appears the root cause of the Startup overriding issue is due to the way PaloAlto adds the "shortcut" to the menu.

Apparently the shortcut to GlobalProtect is really a shortcut to some exe wrapped msi installer. 

glolbalprotectshortcut.png

 

This appears to run an msi installer once I delete the auto-run entry and then re-open the shortcut. 

If the auto-run entry for PANPga.exe exists, the shortcut will open it instead of running an installer.

 

That is very odd and I wonder why it was designed(?) this way. 

Seems the work-around is to create a shortcut directly to PANgpa for the user. 

0 Likes
Reply
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks