Hello,

Every time I use the CD drive I get a message from ProcessGuard:

Launched by: c:\windows\system32\svchost.exe
Command Line: rundll32.exe shell32.dll,activate_rundll
Company Name: Microsoft Corporation
File Size: 32KB

I deny it each time. Is it possible to get ProcessGuard to ignore putting in a CD or taking it out? I hesitate to check the "always perform this action" check box as I'm not exactly sure what I would be allowing/denying since svchost.exe is involved.

Thanks

CaH

Hi knowbodynow, It is a trusted process and therefore should be allowed - They are all trusted system processes that are protected so there should be no problem allowing it always. :)

Pilli

Thanks Pilli,

I just wondered if something could hijack that process and if it has been allowed do something in the background that I was unaware of. I'm thinking of rootkits and the like. But, not knowing what is possible, perhaps I am being paranoid?

CaH

No problem :) There is a slight risk always allowing run32dll as is there with services.exe as they could possibly be utilized by malware but if it is annoying then, on balance, the risk is miimal.

Pilli

Hi, knowbodynow

It is properly caused by having autoplay Enabled for CD-DVD Drives and Removable Drives [flash drives], it you download TweakUI [Microsoft Powertoy tool] you can turn autoplay off, then it wiil not scan for a autostart file on the Media.

Microsoft PowerToys for Windows XP (http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx)

Take Care,
TheQuest 8)

Thanks,

I thought the same way but I have TweakUI and autoplay is off. Something else must be causing this?

CaH

Hi, knowbodynow

The only other thing I can think that could make happen is a Burning Progarm, ie Nero which checks CD\DVD when loaded by default.

Take Care,
TheQuest 8)

Thats autoplay.. try inserting a CD with the SHIFT key held down

I very much dislike auto insert notification in XP, most CD burning software detects it is enabled and asks me to turn it off. YES PLEASE I say :)

I tried inserting a CD while holding shift key. ProcessGuard still came up. I have Nero 5.5 but nothing is loaded at startup and in any case I can't see any preferences that would do this. I wonder what is causing this.

CaH

Hmm strange one ???