Exclude Process Explorer in VG log

philby · #1 September 26th, 2010, 05:40 PM

Hello

I have VM set to 'Trust Programs from Real Disk Only'.

When I run PE, I get this message: 'Unable to extract x64 image. Run PE from a writeable directory'.

That's as expected.

However, if I then go to the AV log and exclude the entry for PE shown below, I still can't open it - i.e. it has not been succesfully excluded.

Name: Capture.PNG
Views: 292
Size: 115.3 KB

Name: Capture.PNG
Views: 292
Size: 115.3 KB

How can I exclude PE correctly so it can run without my having to change the VM setting to 'Allow programs to run normally' every time?

In RVS 2008, I used to get anoption to allow/disallow and that always worked!

Thanks in advance

philby

Coldmoon · #2 September 27th, 2010, 10:20 AM

Quote:

Originally Posted by philby

Hello

I have VM set to 'Trust Programs from Real Disk Only'.

When I run PE, I get this message: 'Unable to extract x64 image. Run PE from a writeable directory'.

That's as expected.

However, if I then go to the AV log and exclude the entry for PE shown below, I still can't open it - i.e. it has not been succesfully excluded.

Attachment 222151

How can I exclude PE correctly so it can run without my having to change the VM setting to 'Allow programs to run normally' every time?

In RVS 2008, I used to get anoption to allow/disallow and that always worked!

Thanks in advance

philby

After highlighting the entry and selecting the Exclude button, is the entry added to the exclusions list (Virus Guard > Scan > AV Exclusions > Define List link)?

If not, what happens after adding the folder/files to the list manually?

Mike

philby · #3 September 27th, 2010, 11:13 AM

Highlight > Exclude fails to add anything to the exclusions list.

I can add C:\procexp.exe to the list manually and that sticks
I can't add C:\procexp64.exe manually - that doesn't stick.
I can also add C:\Users\philby\AppData\Local\Temp\procexp64.exe manually and that sticks.

I can then open PE, but I get continual and unceasing 'Untrustworthy program...' warnings about C:\Windows\System32\Drivers\Procexp141.sys - even after I close PE. Correction - they eventually stop!

I cannot add ...141.sys manually - the file is not shown even with the necessary hide boxes unchecked in Explorer.

Checking those warnings and adding them to the Exclusion list via VG > Log doesn't help either.

philby

philby · #4 September 27th, 2010, 12:59 PM

Mike - I just rebooted (VM on / drop all) and got another 3 warnings re. C:\Windows\System32\Drivers\Procexp141.sys

Even after a reboot?

philby

PS Maybe this is connected to my open support ticket 508649, regarding Win7 64 and SSD issues.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search