Allow RunDLL32.exe to install a driver?

Discussion in 'ProcessGuard' started by frogfoot, Nov 1, 2004.

Thread Status:
Not open for further replies.
  1. frogfoot

    frogfoot Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    116
    Location:
    Yeovil UK
    Hi,
    I have just installed PG3 final, and when opening the 'Options' tab in the ATI control panel a PG balloon pops up to report that RunDLL32.exe tried to install a driver. Should I allow this? Or could RunDLL32 be used maliciously to install something nasty?
    By the way, in the PG3 beta clicking on the 'Options' tab caused a blue screen. So that is a great step forward.

    Thanks
    Tom
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Frogfoot, rundll32 is a windows system program and can be trusted, clicking the alert will show that it is in the system32 folder I believe :)

    Cheers. Pilli
     
  3. frogfoot

    frogfoot Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    116
    Location:
    Yeovil UK
    Pilli, thanks for the prompt response. I appreciate RUNDLL32.exe is a Windows component, but could it be used by a 3rd party application, one which has previously been allowed to run, to install a driver, even if that application does not have driver install privs?
    Thanks again
    Tom
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Currently there are no risks associated with rundll32 :D


    Pilli.
     
  5. frogfoot

    frogfoot Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    116
    Location:
    Yeovil UK
    Thanks Pilli
    Tom
     
  6. siliconman01

    siliconman01 Registered Member

    Joined:
    Mar 6, 2003
    Posts:
    786
    Location:
    West Virginia (USA)
    You will also have to give Rundll32.exe access to Physical Memory for some programs such as BelArc Advisory.
     
  7. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    5,703
    Location:
    North Carolina, USA
    You will need to let it install global hooks if you have an Nvidia graphics card.
     
  8. frogfoot

    frogfoot Registered Member

    Joined:
    Aug 8, 2004
    Posts:
    116
    Location:
    Yeovil UK
    As I have just found out, Physical Memory is required to display the options tab in the display properties for ATI graphics cards (at least the latest 4.10 drivers).
    Tom
     
  9. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    Any side effect to allowing RunDLL32 to access physical memory? I want to be clear as to what is going on here. If we all just blindly start allowing things to get rid of crashes, then the usefulness of having PG installed in the first place seems diminished.

    Can someone from DCS please comment?
    thanks
     
  10. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    RunDLL is sort of a small risk because some things can use it to load their DLL, however typically there needs to be another malicious EXE already running to do this (which sort of makes the point of calling RUNDLL invalid). I would put RunDLL on "Permit Once" and just allow it each time so I could monitor the COMMAND LINE parameters sent to it (which basically tell you what it is doing). It is sort of annoying if you need to do it every reboot, but for me it isn't that big a deal.

    I sort of prefer getting the execution protection prompt before running most things now, I only permit always my startup applications.
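
An added example, not part of the thread and not DiamondCS code: one way to read the rundll32 command line that post 10 suggests monitoring, combined with the system32 location check from post 2. The `rundll32.exe <dll>,<entry point> [arguments]` layout, the `SYSTEM_DIR` default, the `triage` helper and the sample command lines are assumptions made for the illustration.

```python
import ntpath
import re

# Assumption: rundll32 is invoked as  rundll32.exe <dll>,<entry point> [arguments]
_CMD = re.compile(
    r'^\s*(?:"(?P<qexe>[^"]+)"|(?P<exe>\S+))\s+'       # rundll32 image, optionally quoted
    r'(?:"(?P<qdll>[^"]+)"|(?P<dll>[^,\s"]+))\s*,\s*'  # DLL that will be loaded
    r'(?P<entry>\S+)\s*(?P<args>.*)$'                  # exported function, then its arguments
)

# Assumption: default install path; adjust for the host being reviewed.
SYSTEM_DIR = r"c:\windows\system32"


def triage(cmdline, system_dir=SYSTEM_DIR):
    """Split a rundll32 command line and list reasons to look at it more closely."""
    m = _CMD.match(cmdline)
    if not m:
        return {"dll": None, "entry": None, "args": "", "flags": ["unparsed"]}
    exe = m.group("qexe") or m.group("exe")
    dll = m.group("qdll") or m.group("dll")
    flags = []
    # A bare file name has no directory part and is left unflagged.
    exe_dir = ntpath.dirname(exe).lower()
    if exe_dir and exe_dir != system_dir:
        flags.append("rundll32 image not in system directory")
    dll_dir = ntpath.dirname(dll).lower()
    if dll_dir and dll_dir != system_dir:
        flags.append("dll outside system directory")
    return {"dll": dll, "entry": m.group("entry"),
            "args": m.group("args").strip(), "flags": flags}


# Constructed sample command lines (not taken from the thread).
SAMPLES = [
    r'C:\WINDOWS\system32\rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
    r'rundll32.exe "C:\Documents and Settings\user\Local Settings\Temp\upd.dll",Start',
    r'C:\WINDOWS\Temp\rundll32.exe shell32.dll,Control_RunDLL',
    r'rundll32.exe',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(triage(line)["flags"] or ["nothing flagged"], "<-", line)
```

An empty flag list only means neither path check fired; the DLL and entry point shown still have to be recognised by whoever answers the prompt.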
     
  11. LuckMan212

    LuckMan212 Registered Member

    Joined:
    Aug 19, 2004
    Posts:
    252
    Thanks Jason! PG 3 is a monumentous achievement! :)
     
  12. PodMan

    PodMan Guest
