Minute Control - Possible?

Discussion in 'ProcessGuard' started by knowbodynow, Jul 26, 2005.

Thread Status:
Not open for further replies.
  1. knowbodynow

    knowbodynow Guest

    Hello,

    I have a flash memeory drive. Every time I put the card into the drive or take it out Processguard pops up a warning:


    Filename: rundll32.exe
    Description: Run a DLL as an App
    Folder c:\windows\system\32\

    Launched by: c:\windows\system32\svchost.exe
    Command Line: rundll32.exe shell32.dll,activate_rundll
    Company Name: Microsoft Corporation
    File Size: 32KB

    I think this is Windows trying to pop up an options window about the drive. My question is, if I tell Processguard to always block this action will it apply only to the flashcard or would it interfere with other operations? I don't want windows to do anything when I physically move the flashcard. I worry about telling Processguard to block the activity but having it pop up all the time is irritating.

    Does anyone have a solution I might like?

    Thanks,

    Chris (Hunt)
     
    knowbodynow, Jul 26, 2005
    #1
  2. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,304
    Location:
    Kent. UK by the sea
    Hi, knowbodynow

    If you have PG block always it will stop any other process's from starting that need it, so it is not a good Idea to set at block always. [well bad realy]

    If you do a search of PG forum here for rundll32.exe you will 40 thread [and 22 under rundll32 most of those will be dups of the others]

    Take Care,
    TheQuest :cool:
     
    TheQuest, Jul 26, 2005
    #2
  3. Knowbodynow

    Knowbodynow Guest

    Thanks - I guessed blocking it would be a bad idea, that's why I was wondering if there was a way to isolate one function of rundll32.exe. It would be great if processguard had more precision, though I've no idea how and if that could be possible.

    Chris
     
    Knowbodynow, Jul 27, 2005
    #3
  4. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    they are working on this feature I believe I read this somewhere .. parent -and child process control
     
    Infinity, Jul 27, 2005
    #4
  5. gottadoit

    gottadoit Security Expert

    Joined:
    Jul 12, 2004
    Posts:
    605
    Location:
    Australia
    As far as I can recall this feature has been discussed and requested but no response has been given by DCS so we simply don't know if they plan to implement the idea in the future....

    If you want to be able to specify block or allow of processes using command line arguments or by specifying the parent process then PG is currently not a tool that can help you do that

    Other people have also expressed views that PG's execution protection could be better, but you can always just turn execution protection off in PG and use something else.

    Personal firewalls tend to have basic execution protection, some are better than others. SSM has more configurable execution protection that is a little more complex to manage but should do the job for rundll32

    Regards
     
    gottadoit, Jul 28, 2005
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...