Exclude Process Explorer in VG log

Discussion in 'Returnil releases' started by philby, Sep 26, 2010.

Thread Status:
Not open for further replies.
  1. philby
    Offline

    philby Registered Member

    Hello

    I have VM set to 'Trust Programs from Real Disk Only'.

    When I run PE, I get this message: 'Unable to extract x64 image. Run PE from a writeable directory'.

    That's as expected.

    However, if I then go to the AV log and exclude the entry for PE shown below, I still can't open it - i.e. it has not been succesfully excluded.

    Capture.PNG

    How can I exclude PE correctly so it can run without my having to change the VM setting to 'Allow programs to run normally' every time?

    In RVS 2008, I used to get anoption to allow/disallow and that always worked!

    Thanks in advance

    philby
  2. Coldmoon
    Online

    Coldmoon Returnil Moderator

    After highlighting the entry and selecting the Exclude button, is the entry added to the exclusions list (Virus Guard > Scan > AV Exclusions > Define List link)?

    If not, what happens after adding the folder/files to the list manually?

    Mike
  3. philby
    Offline

    philby Registered Member

    Highlight > Exclude fails to add anything to the exclusions list.

    I can add C:\procexp.exe to the list manually and that sticks
    I can't add C:\procexp64.exe manually - that doesn't stick.
    I can also add C:\Users\philby\AppData\Local\Temp\procexp64.exe manually and that sticks.

    I can then open PE, but I get continual and unceasing 'Untrustworthy program...' warnings about C:\Windows\System32\Drivers\Procexp141.sys - even after I close PE. Correction - they eventually stop!

    I cannot add ...141.sys manually - the file is not shown even with the necessary hide boxes unchecked in Explorer.

    Checking those warnings and adding them to the Exclusion list via VG > Log doesn't help either.

    philby
    Last edited: Sep 27, 2010
  4. philby
    Offline

    philby Registered Member

    Mike - I just rebooted (VM on / drop all) and got another 3 warnings re. C:\Windows\System32\Drivers\Procexp141.sys

    Even after a reboot?

    philby

    PS Maybe this is connected to my open support ticket 508649, regarding Win7 64 and SSD issues.
Thread Status:
Not open for further replies.