I do have Controlled Folder setting in WD turned on and understand some pieces. Recently I saw two applications apparently trying to access protected memory. Can someone explain to me in plain English what these events mean. To me DR0 indicates some volume, perhaps system reserved. EDIT: No, it's my main and only hard drive. And HardDisk Vol3 is the windows10 partition. Neither sound like memory. Please speak to me like you would to a five year old. EEK ran on 1809, few hours before 1903 installation on Nov23. EEK is emsisoft's. WinSAT log item is on 1903. WinSAT is Microsoft's some kind of a system assessment tool. Moderators: if this should be in the Windows Defender thread, please move it.
Check out this thread: https://www.bleepingcomputer.com/fo...ntrolled-folder-access-blocking-system-files/ Appears the memory access block has something to do with WD Security Center Exploit Guard settings in regards to Controlled Folders access. Also refer to this: https://docs.microsoft.com/en-us/configmgr/protect/deploy-use/create-deploy-exploit-guard-policy and verify that you haven't inadvertently configured via Group Policy this behavior.
Thanks much. Good link. Note post #4 - this memory thing seems to be a puzzle to shmu26. Aha, I do have Exploit Guard set. Hmmm. It wasn't inadvertent. I followed pages 99 and 100 in the Windows Defender thread https://www.wilderssecurity.com/thr...ntivirus-that-windows-10-needs.383448/page-99 so I used group policy using the ghacks and Microsoft's list. I did it in September and completely forgot about it. But that still does not point me into the Memory thing when WD complained about a whole drive as well as the Windows volume. As I reread the MS blurb about ASR, I'm not finding stuff about protected memory. But actually I don't understand many of those words or how these things work starting with whose memory?
Me again I still don't understand what memory has to do with access to drives, volumes, or, now, even the CD/DVD player inside my laptop. Powermgr.exe is a Lenovo power manager. What memory plays a role in the alerts I get several times a day? Unrelated to actually using the player which works just fine in spite of WD objecting to something. Typical entry:
I think you better switch off Controlled folder https://answers.microsoft.com/en-us...-blocked/ee9776bf-65f6-4610-8aaa-ffdc7847b83b
@Pat MacKnife, Thanks, but I'd like to keep it. I'm just trying to understand the memory reference. Please note the headings in my screenies. Compare to this, understood, folder access:
I too, wonder as to why I keep seeing these warnings, since I updated from Windows Build 1803 to Build 1903, recently, and with much aggravation as described by me in other Wilders' threads. - cf. Why is Controlled Folder Access (Ransomware Protection) blocking system services and programs after update to 1903.
https://answers.microsoft.com/en-us...ndows-10/b0c6abf9-df70-44d4-8343-206e07773b2d "The CompatTelRunner.exe is connected with the Microsoft Customer Experience Improvement Program and can be disabled in the Task Scheduler. ..." If you're not seeing it cause any problems you may disregard it. CFA is poorly implemented and I've had occasional system process blocks out of the blue with no apparent consequences. Or you could allow it.
All the warnings that pop up in protection history can add up from protected folders. There are ways to purge any malware or virus warnings but you simply cannot get rid of the protected folder alerts. If anyone has found a way could they please enlighten me. I got so many that in the end I turned off protected folders. There used to be a clear alerts button but that has gone now
