MemProtect - Support & Discussion

Discussion in 'other anti-malware software' started by WildByDesign, Aug 21, 2016.

  1. WildByDesign

    WildByDesign Registered Member

    Joined: Sep 24, 2013
    Posts: 2,587
    Location: Toronto, Canada
    No conflicts between MemProtect and WDEG. :thumb:
     
  2. shmu26

    shmu26 Registered Member

    Joined: Jul 9, 2015
    Posts: 1,453
    I downloaded a pic in Chrome, clicked on it in Chrome, and it opened in Win10 Photo app.
    But I don't have Win10 Photo app whitelisted for Chrome.
    Why did it open?
     
    Last edited: Mar 23, 2018
  3. mood

    mood Updates Team

    Joined: Oct 27, 2012
    Posts: 33,301
    If it wasn't blocked then Chrome wasn't the parent process of Win10 Photo app.

    Try to download a .zip file and you'll notice that explorer opens if the .zip file has been clicked in the download bar of Chrome.
    But if an image viewer is installed and a picture is clicked in Chrome, launching of it would be blocked.

    There is a difference if certain files are opened "by Windows itself" (=Chrome is not the parent process) or by other installed 3rd-party applications (=Chrome is the parent process and launching of the application is blocked now)
     
  4. shmu26

    shmu26 Registered Member

    Joined: Jul 9, 2015
    Posts: 1,453
    Yup. I see what you mean.
    If I download a Word doc in Chrome, and try to open it in Chrome, it fails, and the log says that Chrome tried to access windows defender engine and winword.
     
  5. mood

    mood Updates Team

    Joined: Oct 27, 2012
    Posts: 33,301
    Because the current version is expired, the developer uploaded a new version today.
    ("Demo driver will stop working in 2019. A follow up demo version will be available then which will work for another year.")
    Website
    memprotect_demo.exe (Digital signature of the driver: April 2, 2018)
     
  6. shmu26

    shmu26 Registered Member

    Joined: Jul 9, 2015
    Posts: 1,453
    I am using the new memprotect_demo, but with my old config file.
    I have a whitelist rule like this:
    !*software_reporter_tool.exe>*
    but I get blocks like this:
    *** excubits.com demo ***: 2018/04/04_13:50 > MEMORY > C:\Users\Me\AppData\Local\Google\Chrome\User Data\SwReporter\25.140.201\software_reporter_tool.exe > C:\Windows\System32\audiodg.exe
    *** excubits.com demo ***: 2018/04/04_13:50 > MEMORY > C:\Users\Me\AppData\Local\Google\Chrome\User Data\SwReporter\25.140.201\software_reporter_tool.exe > C:\Windows\System32\sihost.exe
    *** excubits.com demo ***: 2018/04/04_13:50 > MEMORY > C:\Users\Me\AppData\Local\Google\Chrome\User Data\SwReporter\25.140.201\software_reporter_tool.exe > C:\Windows\System32\svchost.exe

    What's going wrong?
     
  7. 4Shizzle

    4Shizzle Registered Member

    Joined: May 27, 2015
    Posts: 177
    Location: Europe
    Code:
    !*software_reporter_tool.exe>* 
    Is it one of your first rules? Try to set it on top of the whitelist rules. Your rule looks okay I think. If it's not working, it could be a bug in the MemProtect rule checking system I think.
     
  8. shmu26

    shmu26 Registered Member

    Joined: Jul 9, 2015
    Posts: 1,453
    And how does the ASR feature called "Block office applications from injecting into other processes" compare to MemProtect's injection protection?
     
  9. WildByDesign

    WildByDesign Registered Member

    Joined: Sep 24, 2013
    Posts: 2,587
    Location: Toronto, Canada
    I just answered in more detail on your other question, but I do not have a whole lot of experience testing the ASR rules in particular. Therefore I do not know exactly what mitigations Microsoft uses for this "Block office applications from injecting into other processes" ASR rule. MemProtect, as we know, utilizes the same process memory restrictions as Protected Process Light (PPL). There isn't a whole lot of detail as to whether this ASR rule uses underlying OS process mitigations (combination of mitigations) or if it actually uses some form of memory protection.
     
  10. shmu26

    shmu26 Registered Member

    Joined: Jul 9, 2015
    Posts: 1,453
    But I have been told that memprotect can't block .net dlls, because they are compiled on the fly. Is this so?
    I made a block rule for System.Management.Automation.dll but powershell was still able to launch. Does this indicate that the dll was not actually blocked?
     
    Last edited: Apr 26, 2018
  11. mood

    mood Updates Team

    Joined: Oct 27, 2012
    Posts: 33,301
    Blocking a .dll doesn't explicitly mean that the executable (which wants to load the blocked dll) isn't able to launch anymore.
    And if the executable is able to launch, it doesn't explicitly mean that the .dll wasn't blocked by MemProtect :)
    You should look into the log and/or look with Process Hacker or other tools to see if the dll was correctly blocked/isn't loaded (but looking into the logfile of MemProtect should be sufficient).

    Launching of powershell and putting of "management" in the search box of Process Hacker gives this result:
    [Screenshot: MemProtect_powershell.exe.png]
    After blacklisting of the module "System.Management.Automation.dll" with this rule:
    Code:
    [MODULEBLACKLIST]
    *powershell.exe>*System.Management.Automation*.dll
    
    it is now correctly blocked:
    [Screenshot: MemProtect_powershell.exe_dll=blocked.png]
    Logfile:
    Code:
    2018/04/26_20:55 > MODULE > C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe > C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\019096441c7d21075179c6cdcabfc3e2\System.Management.Automation.ni.dll
    2018/04/26_20:55 > MODULE > C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe > C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#\019096441c7d21075179c6cdcabfc3e2\System.Management.Automation.ni.dll
    
     
  12. shmu26

    shmu26 Registered Member

    Joined: Jul 9, 2015
    Posts: 1,453
    Thanks. I had omitted the asterisk after Automation, so I guess that is why I did not see a block.
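
The wildcard point from the two posts above, as an added example (not part of the thread and not Excubits code): a small Python checker that replays logged `source > target` pairs against rule lines to see which rules textually cover them. It assumes `*` matches any run of characters and that matching is case-insensitive over the full path; the `!` and `$` prefixes are stripped but their effect is not modeled, and all function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Log line shape as quoted in this thread:
#   [*** excubits.com demo ***: ]<date>_<time> > <TYPE> > <source> > <target>
# '>' is not a legal character in Windows file names, so " > " is a safe separator.
LOG_RE = re.compile(
    r"^(?:\*\*\* .*? \*\*\*:\s*)?"
    r"(?P<ts>\d{4}/\d{2}/\d{2}_\d{2}:\d{2}) > (?P<kind>[A-Z]+) > "
    r"(?P<source>.+?) > (?P<target>.+)$"
)


class LogEntry(NamedTuple):
    ts: str
    kind: str      # MEMORY or MODULE in the lines quoted in the thread
    source: str
    target: str


class Rule(NamedTuple):
    prefix: str    # leading '!' / '$' markers, kept but not interpreted here
    source: str
    target: str


def parse_log_line(line: str) -> Optional[LogEntry]:
    m = LOG_RE.match(line.strip())
    return LogEntry(**m.groupdict()) if m else None


def parse_rule(line: str) -> Optional[Rule]:
    body = line.strip()
    # Skip blanks, comments and section headers such as [MODULEBLACKLIST].
    if not body or body[0] in "#[":
        return None
    prefix = ""
    while body and body[0] in "!$":
        prefix, body = prefix + body[0], body[1:]
    if ">" not in body:
        return None
    source, target = body.split(">", 1)
    return Rule(prefix, source, target)


def glob_to_regex(pattern: str) -> "re.Pattern[str]":
    # Assumption: '*' is the only wildcard; everything else is literal text.
    literal_parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile(".*".join(literal_parts), re.IGNORECASE)


def rule_covers(rule: Rule, entry: LogEntry) -> bool:
    return bool(
        glob_to_regex(rule.source).fullmatch(entry.source)
        and glob_to_regex(rule.target).fullmatch(entry.target)
    )


def covering_rules(log_line: str, rule_lines: List[str]) -> List[str]:
    """Return the rule lines whose pattern covers the logged source/target pair."""
    entry = parse_log_line(log_line)
    if entry is None:
        return []
    hits = []
    for text in rule_lines:
        rule = parse_rule(text)
        if rule is not None and rule_covers(rule, entry):
            hits.append(text.strip())
    return hits


# Log lines copied from the posts in this thread.
MODULE_LINE = (
    r"2018/04/26_20:55 > MODULE > "
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe > "
    r"C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Manaa57fc8cc#"
    r"\019096441c7d21075179c6cdcabfc3e2\System.Management.Automation.ni.dll"
)
MEMORY_LINE = (
    r"*** excubits.com demo ***: 2018/04/04_13:50 > MEMORY > "
    r"C:\Users\Me\AppData\Local\Google\Chrome\User Data\SwReporter"
    r"\25.140.201\software_reporter_tool.exe > C:\Windows\System32\audiodg.exe"
)

# The first rule lacks the asterisk after "Automation"; the second is the rule
# posted with the log. The loaded file is the native image "...Automation.ni.dll".
RULES = [
    "[MODULEBLACKLIST]",
    "*powershell.exe>*System.Management.Automation.dll",
    "*powershell.exe>*System.Management.Automation*.dll",
    "!*software_reporter_tool.exe>*",
]

if __name__ == "__main__":
    for line in (MODULE_LINE, MEMORY_LINE):
        entry = parse_log_line(line)
        print(entry.kind, entry.target.rsplit("\\", 1)[-1], "->", covering_rules(line, RULES))
```

A textual match here only says the pattern is wide enough; whether the driver applies the rule also depends on the section it sits in and on the driver's own evaluation, which this sketch does not reproduce.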
     
  13. shmu26

    shmu26 Registered Member

    Joined: Jul 9, 2015
    Posts: 1,453
    What are good whitelist rules to ensure that native Windows components can do their job unhindered? In my config, I am caging Chrome, MS Office, and a few other apps inside their respective folders.
    These are my security whitelist rules at present, please comment.

    !*Windows Defender*>*
    !*>Windows Defender*
    !*Windows Security*>*
    !*>*Windows Security*
     
  14. Floyd 57

    Floyd 57 Registered Member

    Joined: Mar 17, 2017
    Posts: 548
    Location: Europe
    I'm using memprotect demo version, and there seems to be a huge bug. According to memprotect manual - "Demo/Full version limits the size of the .ini file to 3KB/3MB. If you exceed the size, the driver discards the whole configuration and will not start up". When trying to start bouncer driver with "net start bouncer", going over the maximum file size of the demo version .ini (5188 bytes) shows

    "System error 1283 has occurred.

    Data present in one of the parameters is more than the function can operate on."

    However, "net start memprotect" works just fine, the driver starts regardless of .ini size, tested with 459 484 bytes .ini (4.59 mb, over 7k lines) (the demo limit is said to be 3kb, so if I can run it with more than that, I'd imagine it can reach infinite or until an integer overflow-like thing is reached). With a bigger .ini size Memprotect works as expected, but there is a performance loss that scales with the .ini size, up until there are no resources left and you can't do anything. As soon as I typed "net start memprotect" into cmd (which was whitelisted in NVT Exe Radar Pro and OSArmor) with the 4.59 mb .ini, my pc started to lag so hard it became inoperable, it's as if memprotect literally consumed 100% of my cpu, the only thing I managed to do was to remove the "#" from [INSTALLMODE] and then force-restart my pc through the case button. I'm sure if the .ini is 10mb, my pc would literally freeze and I wouldn't be able to do even that. With my work-in-progress default-deny config with module filtering, with a file size of 93 040 bytes the performance loss wasn't "inoperable" level, but it was still decently big - chrome tabs would take 5-6 secs to open rather than 1-2 (tested with page load time extension as well as general obviousness). Opening folders with file explorer would take 2-3 secs rather than be instant, etc. I'm not sure if the performance loss is cuz of the demo version or it's just memprotect in general with a big .ini size, but the ini file going over 3kb in the demo version is certainly an unintended feature, I'm gonna email the developer about it. Meanwhile, here is the config I am (was) testing, rules being added by the hour:

    [#LETHAL]
    [LOGGING]
    [#INSTALLMODE]
    [#DEFAULTALLOW]
    [MODULEFILTER]
    [WHITELIST]
    #Protected Processes | lsass.exe uses RUNASPPL
    C:\Windows\System32\csrss.exe>*
    C:\Windows\System32\lsass.exe>*
    C:\Windows\System32\services.exe>*
    #--------------------------------------------
    C:\Windows\explorer.exe>*
    C:\Windows\System32\svchost.exe>*
    C:\Windows\System32\Taskmgr.exe>*
    C:\Program Files\NoVirusThanks\EXERadarPro\ERPSvc.exe>*
    C:\Program Files\NoVirusThanks\EXERadarPro\RadarPro.exe>*
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe>*
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe>C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe>C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe>C:\Program Files\NoVirusThanks\EXERadarPro\ERPSvc.exe
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe>C:\Program Files\NoVirusThanks\EXERadarPro\RadarPro.exe
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe>C:\Windows\System32\sihost.exe
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe>C:\Windows\System32\svchost.exe
    C:\Windows\System32\smartscreen.exe>C:\Windows\explorer.exe
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\svchost.exe
    C:\Windows\System32\conhost.exe>C:\Windows\System32\cmd.exe
    C:\Windows\System32\conhost.exe>C:\Windows\System32\net.exe
    C:\Windows\System32\conhost.exe>C:\Windows\System32\net1.exe
    C:\Windows\System32\conhost.exe>C:\Windows\System32\sc.exe
    C:\Windows\System32\conhost.exe>C:\Windows\System32\dstokenclean.exe
    C:\Windows\System32\conhost.exe>C:\Windows\System32\Defrag.exe
    C:\Windows\System32\conhost.exe>C:\Windows\System32\tzsync.exe
    C:\Windows\System32\conhost.exe>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe
    C:\Windows\System32\conhost.exe>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    C:\Windows\System32\conhost.exe>C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\System32\conhost.exe>C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvSHIM.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentask.exe>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngentask.exe>C:\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Windows\System32\cmd.exe>C:\Program Files (x86)\SpeedFan\speedfan.exe
    C:\Windows\System32\cmd.exe>C:\Windows\System32\net.exe
    C:\Windows\System32\net.exe>C:\Windows\System32\net1.exe
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\svchost.exe
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\taskhostw.exe
    C:\Windows\System32\audiodg.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
    C:\Windows\System32\audiodg.exe>C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\System32\audiodg.exe>C:\Program Files\EqualizerAPO\Editor.exe
    C:\Windows\System32\audiodg.exe>C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe
    C:\Windows\System32\SearchIndexer.exe>C:\Windows\System32\SearchProtocolHost.exe
    C:\Windows\System32\SearchIndexer.exe>C:\Windows\System32\SearchFilterHost.exe
    C:\Windows\System32\consent.exe>C:\Windows\System32\svchost.exe
    C:\Windows\System32\winlogon.exe>C:\Windows\System32\consent.exe
    C:\Windows\System32\winlogon.exe>C:\Windows\System32\LaunchTM.exe
    C:\Windows\System32\winlogon.exe>C:\Windows\System32\userinit.exe
    C:\Windows\System32\winlogon.exe>C:\Windows\System32\LogonUI.exe
    C:\Windows\System32\LogonUI.exe>C:\Windows\System32\winlogon.exe
    C:\Windows\System32\LogonUI.exe>C:\Windows\System32\wininit.exe
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\Taskmgr.exe
    C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_*\TiWorker.exe>C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\servicing\TrustedInstaller.exe>C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_*\TiWorker.exe
    C:\Windows\System32\sihost.exe>C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    C:\Windows\System32\sihost.exe>C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
    C:\Windows\System32\sihost.exe>C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\Windows\System32\sppsvc.exe>C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    C:\Windows\System32\RuntimeBroker.exe>C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    C:\Windows\System32\RuntimeBroker.exe>C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    C:\Windows\System32\RuntimeBroker.exe>C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
    C:\Windows\System32\RuntimeBroker.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
    C:\Windows\System32\RuntimeBroker.exe>C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Windows\System32\ApplicationFrameHost.exe>C:\Windows\ImmersiveControlPanel\SystemSettings.exe
    C:\Windows\System32\ApplicationFrameHost.exe>C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
    C:\Windows\SysWOW64\runonce.exe>C:\Program Files (x86)\REDRAGON GAMING MOUSE\MMMon.exe
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\cmd.exe
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Tray.exe>C:\Windows\notepad.exe
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Tray.exe>C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTray_x64.exe>C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTray_x64.exe>C:\Windows\notepad.exe
    C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe>C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe>C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe>C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvSHIM.exe
    C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe>C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
    C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleUpdateBroker.exe>C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe>C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe>C:\Windows\explorer.exe
    C:\Program Files (x86)\REDRAGON GAMING MOUSE\MMMon.exe>C:\Program Files (x86)\REDRAGON GAMING MOUSE\MMCfg.exe
    C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteLauncher.exe>C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_BE.exe
    C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_BE.exe>C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_BE.exe
    C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping_BE.exe>C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe
    [BLACKLIST]
    # Wouldn't STFU otherwise
    $C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\explorer.exe
    [MODULEWHITELIST]
    C:\Windows\System32\svchost.exe>C:\Windows\System32\smartscreen.exe
    C:\Windows\System32\svchost.exe>C:\Windows\System32\audiodg.exe
    C:\Windows\System32\svchost.exe>C:\Windows\System32\consent.exe
    C:\Windows\System32\svchost.exe>C:\Windows\System32\dllhost.exe
    C:\Windows\System32\svchost.exe>C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\Windows\System32\svchost.exe>C:\Windows\System32\Taskmgr.exe
    C:\Windows\System32\svchost.exe>C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe
    C:\Windows\System32\svchost.exe>C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    C:\Windows\System32\svchost.exe>C:\Windows\System32\FWPUCLNT.DLL
    C:\Windows\System32\svchost.exe>C:\Windows\System32\AppXDeploymentClient.dll
    C:\Windows\System32\svchost.exe>C:\Windows\System32\OnDemandConnRouteHelper.dll
    C:\Windows\System32\svchost.exe>C:\Windows\System32\aepic.dll
    C:\Windows\System32\svchost.exe>C:\Windows\System32\WinTypes.dll
    C:\Windows\System32\svchost.exe>C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe
    C:\Windows\System32\svchost.exe>C:\Windows\System32\ntmarta.dll
    C:\Windows\System32\dwm.exe>C:\Windows\System32\d3d10warp.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\MMDevAPI.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\propsys.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\devobj.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\AudioSes.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\WinTypes.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\avrt.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\AudioEng.dll
    C:\Windows\System32\audiodg.exe>C:\Program Files\EqualizerAPO\EqualizerAPO.dll
    C:\Windows\System32\audiodg.exe>C:\Program Files\EqualizerAPO\libsndfile-1.dll
    C:\Windows\System32\audiodg.exe>C:\Program Files\EqualizerAPO\libfftw3f-3.dll
    C:\Windows\System32\audiodg.exe>C:\Program Files\EqualizerAPO\msvcp120.dll
    C:\Windows\System32\audiodg.exe>C:\Program Files\EqualizerAPO\msvcr120.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\WMALFXGFXDSP.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\AUDIOKSE.dll
    C:\Windows\System32\audiodg.exe>C:\Windows\System32\Windows.Media.Devices.dll
    C:\Windows\System32\conhost.exe>C:\Windows\System32\dwmapi.dll
    C:\Windows\System32\conhost.exe>C:\Windows\System32\uxtheme.dll
    C:\Windows\System32\conhost.exe>C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_*\comctl32.dll
    C:\Windows\System32\cmd.exe>C:\Windows\System32\conhost.exe
    C:\Windows\System32\cmd.exe>C:\Windows\System32\net.exe
    C:\Windows\System32\net.exe>C:\Windows\System32\mpr.dll
    C:\Windows\System32\net.exe>C:\Windows\System32\netutils.dll
    C:\Windows\System32\net.exe>C:\Windows\System32\wkscli.dll
    C:\Windows\System32\net.exe>C:\Windows\System32\samcli.dll
    C:\Windows\System32\net.exe>C:\Windows\System32\IPHLPAPI.DLL
    C:\Windows\System32\net.exe>C:\Windows\System32\srvcli.dll
    C:\Windows\System32\net.exe>C:\Windows\System32\bcrypt.dll
    C:\Windows\System32\net.exe>C:\Windows\System32\net1.exe
    C:\Windows\System32\net1.exe>C:\Windows\System32\dsrole.dll
    C:\Windows\System32\net1.exe>C:\Windows\System32\srvcli.dll
    C:\Windows\System32\net1.exe>C:\Windows\System32\samcli.dll
    C:\Windows\System32\net1.exe>C:\Windows\System32\netutils.dll
    C:\Windows\System32\net1.exe>C:\Windows\System32\wkscli.dll
    C:\Windows\System32\net1.exe>C:\Windows\System32\logoncli.dll
    C:\Windows\System32\net1.exe>C:\Windows\System32\cryptbase.dll
    C:\Windows\System32\net1.exe>C:\Windows\System32\bcrypt.dll
    C:\Windows\System32\dllhost.exe>C:\Windows\System32\uxtheme.dll
    C:\Windows\System32\dllhost.exe>C:\Windows\System32\IDStore.dll
    C:\Windows\System32\dllhost.exe>C:\Windows\System32\bcrypt.dll
    C:\Windows\System32\dllhost.exe>C:\Windows\System32\userenv.dll
    C:\Windows\System32\dllhost.exe>C:\Windows\System32\thumbcache.dll
    C:\Windows\System32\dllhost.exe>C:\Windows\System32\propsys.dll
    C:\Windows\explorer.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
    C:\Windows\explorer.exe>C:\Windows\System32\*.dll
    C:\Windows\explorer.exe>C:\Windows\System32\winspool.drv
    C:\Windows\explorer.exe>C:\Program Files\*\*.dll
    C:\Windows\explorer.exe>C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.228_none_fb4599993062b194\comctl32.dll
    C:\Windows\explorer.exe>C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.228_none_2c308c7e8af52b62\GdiPlus.dll
    C:\Windows\explorer.exe>C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9415_none_08e0c10ba840a28a\msvcr90.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\tquery.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\cryptdll.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\mssprxy.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\sxs.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\Windows.StateRepositoryPS.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\xmlfilter.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\msxml6.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\propsys.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\Query.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\bcrypt.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\PhotoMetadataHandler.dll
    C:\Windows\System32\SearchFilterHost.exe>C:\Windows\System32\WindowsCodecs.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\Chakra.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\bcrypt.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\WinTypes.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\msdelta.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\iertutil.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\cryptsp.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\canonurl.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\Windows.Globalization.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\BCP47mrm.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\BCP47Langs.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\rometadata.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\WinRtTracing.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\Windows.Web.Http.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\rsaenh.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\cryptbase.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\Windows.Security.Authentication.OnlineId.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\smartscreenps.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\dpapi.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\tbs.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\wkscli.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\netjoin.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\joinutil.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\netutils.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\slc.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\sppc.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\policymanager.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\msvcp110_win.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\wininet.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\sspicli.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\OnDemandConnRouteHelper.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\IPHLPAPI.DLL
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\winhttp.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\mswsock.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\FirewallAPI.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\fwbase.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\winnsi.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\dnsapi.dll
    C:\Windows\System32\smartscreen.exe>C:\Windows\System32\rasadhlp.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\sspicli.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\userenv.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\wmsgapi.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\amsi.dll
    C:\Windows\System32\consent.exe>C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.228_none_fb4599993062b194\comctl32.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\msimg32.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\MsCtfMonitor.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\winsta.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\wtsapi32.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\cryptsp.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\msutb.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\uxtheme.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\rsaenh.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\bcrypt.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\cryptbase.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\gpapi.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\cryptnet.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\urlmon.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\iertutil.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\propsys.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\dwmapi.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\InputSwitch.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\BCP47Langs.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\wininet.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\dui70.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\duser.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\credui.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\wincredui.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\AudioSes.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\avrt.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\MMDevAPI.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\WinTypes.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\devobj.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\Windows.UI.CredDialogController.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\TextInputFramework.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\CoreUIComponents.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\CoreMessaging.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\ntmarta.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\WindowsCodecs.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\Windows.UI.XamlHost.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\xmllite.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\DWrite.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\Windows.UI.Cred.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\wincorlib.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\MrmCoreR.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\Windows.UI.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\InputHost.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\LanguageOverlayUtil.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\BCP47mrm.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\UIAnimation.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\Windows.UI.Xaml.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\dcomp.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\dxgi.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\d3d11.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\Windows.UI.Immersive.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\d3d10warp.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\twinapi.appcore.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\rmclient.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\ResourcePolicyClient.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f5be1f8d25335236\nvldumdx.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\version.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f5be1f8d25335236\nvwgf2umx_cfg.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\winmm.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\winmmbase.dll
    C:\Windows\System32\consent.exe>C:\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\d2d1.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\Windows.Globalization.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\FontGlyphAnimator.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\UIAutomationCore.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\sxs.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\Windows.Internal.UI.Logon.ProxyStub.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\directmanipulation.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\threadpoolwinrt.dll
    C:\Windows\System32\consent.exe>C:\Windows\System32\ninput.dll
    C:\Windows\System32\SearchIndexer.exe>C:\Windows\System32\SearchFilterHost.exe
    C:\Windows\System32\SearchIndexer.exe>C:\Windows\System32\SearchProtocolHost.exe
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\ntshrui.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\sspicli.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\srvcli.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\cscapi.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\tquery.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\cryptdll.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\msidle.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\mssprxy.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\mssph.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\authz.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\ntmarta.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\propsys.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\Windows.StateRepositoryPS.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\edputil.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\cldapi.dll
    C:\Windows\System32\SearchProtocolHost.exe>C:\Windows\System32\WinTypes.dll
    C:\Windows\System32\winlogon.exe>C:\Windows\System32\LaunchTM.exe
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\uxtheme.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\propsys.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\edputil.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\Windows.StateRepositoryPS.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\urlmon.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\iertutil.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\cryptbase.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\sspicli.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\cldapi.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\WinTypes.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\Taskmgr.exe
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\mpr.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\pcacli.dll
    C:\Windows\System32\LaunchTM.exe>C:\Windows\System32\sfc_os.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.228_none_fb4599993062b194\comctl32.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\uxtheme.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\duser.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\credui.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\pdh.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\dui70.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\dxgi.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\d3d11.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\D3D12.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\msvcp110_win.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\dwmapi.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\TextInputFramework.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\CoreMessaging.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\CoreUIComponents.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\WinTypes.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\ntmarta.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\policymanager.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\srumapi.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\IPHLPAPI.DLL
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\wtsapi32.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\atlthunk.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\xmllite.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\winnsi.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\winsta.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\WindowsCodecs.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\propsys.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\Windows.UI.Immersive.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\oleacc.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\thumbcache.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\samcli.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\samlib.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\actxprxy.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\netutils.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\Windows.ApplicationModel.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\twinapi.appcore.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\rmclient.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\Windows.StateRepositoryPS.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\d3d9.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\ResourcePolicyClient.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\d3d10warp.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\dxilconv.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\D3DSCache.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\userenv.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\devobj.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f5be1f8d25335236\nvldumdx.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\version.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\cryptsp.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\rsaenh.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\bcrypt.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\AppResolver.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\BCP47Langs.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\slc.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\sppc.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\cryptbase.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f5be1f8d25335236\nvwgf2umx_cfg.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\winmm.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\winmmbase.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\apphelp.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\TileDataRepository.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\StateRepository.Core.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\Windows.StateRepository.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\usermgrcli.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\UserMgrProxy.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\Windows.StateRepositoryClient.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\MrmCoreR.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\Windows.UI.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\InputHost.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\LanguageOverlayUtil.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\BCP47mrm.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\iertutil.dll
    C:\Windows\System32\Taskmgr.exe>C:\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\dhcpcsvc6.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\dhcpcsvc.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\wkscli.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\netjoin.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\joinutil.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\profext.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\System32\chartv.dll
    C:\Windows\System32\Taskmgr.exe>C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_*\GdiPlus.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\tscfgwmi.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\IPHLPAPI.DLL
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\regapi.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\ncrypt.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\winsta.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\dsparse.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\ntasn1.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\dsrole.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\cfgbkend.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\utildll.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\srvcli.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\browcli.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\samcli.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\netutils.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\logoncli.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\ncobjapi.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\wbemcomn.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\wbem\fastprox.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\bcrypt.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\wbem\wbemprox.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\wbem\wbemsvc.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\wbem\wmiutils.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\wbem\cimwin32.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\framedynos.dll
    C:\Windows\System32\wbem\WmiPrvSE.exe>C:\Windows\System32\sspicli.dll
    C:\Windows\notepad.exe>C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.228_none_fb4599993062b194\comctl32.dll
    C:\Windows\notepad.exe>C:\Windows\System32\propsys.dll
    C:\Windows\notepad.exe>C:\Windows\System32\winspool.drv
    C:\Windows\notepad.exe>C:\Windows\System32\urlmon.dll
    C:\Windows\notepad.exe>C:\Windows\System32\iertutil.dll
    C:\Windows\notepad.exe>C:\Windows\System32\bcrypt.dll
    C:\Windows\notepad.exe>C:\Windows\System32\IPHLPAPI.DLL
    C:\Windows\notepad.exe>C:\Windows\System32\cryptbase.dll
    C:\Windows\notepad.exe>C:\Windows\System32\uxtheme.dll
    C:\Windows\notepad.exe>C:\Windows\System32\MrmCoreR.dll
    C:\Windows\notepad.exe>C:\Windows\System32\dwmapi.dll
    C:\Windows\notepad.exe>C:\Windows\System32\efswrt.dll
    C:\Windows\notepad.exe>C:\Windows\System32\mpr.dll
    C:\Windows\notepad.exe>C:\Windows\System32\WinTypes.dll
    C:\Windows\notepad.exe>C:\Windows\System32\twinapi.appcore.dll
    C:\Windows\notepad.exe>C:\Windows\System32\rmclient.dll
    C:\Windows\notepad.exe>C:\Windows\System32\oleacc.dll
    C:\Windows\notepad.exe>C:\Windows\System32\TextInputFramework.dll
    C:\Windows\notepad.exe>C:\Windows\System32\CoreMessaging.dll
    C:\Windows\notepad.exe>C:\Windows\System32\CoreUIComponents.dll
    C:\Windows\notepad.exe>C:\Windows\System32\ntmarta.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\prnfldr.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\prncache.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\winspool.drv
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\IPHLPAPI.DLL
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\netprofm.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\npmproxy.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\dhcpcsvc6.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\dhcpcsvc.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\thumbcache.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\policymanager.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\System32\msvcp110_win.dll
    C:\Program Files\Notepad++\notepad++.exe>C:\Windows\explorer.exe
    C:\Program Files\NoVirusThanks\EXERadarPro\ERPSvc.exe>C:\Windows\System32\sfc.dll
    C:\Program Files\NoVirusThanks\EXERadarPro\ERPSvc.exe>C:\Windows\System32\sfc_os.dll
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe>C:\Windows\System32\sfc.dll
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevSvc.exe>C:\Windows\System32\sfc_os.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Program Files (x86)\MSI Afterburner\RTMUI.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Program Files (x86)\MSI Afterburner\RTCore.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Program Files (x86)\MSI Afterburner\RTFC.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Program Files (x86)\MSI Afterburner\RTUI.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\wininet.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Program Files (x86)\MSI Afterburner\RTHAL.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\winmm.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9415_none_508df7e2bcbccb90\msvcr90.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.228_none_42f2d07044deda9a\comctl32.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17134.228_none_73ddc3559f715468\GdiPlus.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\winmmbase.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\msimg32.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\version.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\ddraw.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\dciman32.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\dxgi.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\uxtheme.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\dwmapi.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\devobj.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\nvapi.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\TextInputFramework.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\CoreUIComponents.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\CoreMessaging.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\ntmarta.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\WinTypes.dll
    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe>C:\Windows\SysWOW64\taskschd.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTray_x64.exe>C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\apphelp.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\version.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\winmm.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\wsock32.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\mpr.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.228_none_fb4599993062b194\comctl32.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\wininet.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\IPHLPAPI.DLL
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\userenv.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\uxtheme.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\winmmbase.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\dwmapi.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\wbem\wbemdisp.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\wbemcomn.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\bcrypt.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\wbem\wbemprox.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\wbem\wmiutils.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\wbem\wbemsvc.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\wbem\fastprox.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTrayHelper_x64.exe>C:\Windows\System32\sxs.dll
    C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTray_x64.exe>C:\Windows\notepad.exe
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Tray.exe>C:\Windows\notepad.exe
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Tray.exe>C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\cmd.exe
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\TextInputFramework.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\CoreMessaging.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\CoreUIComponents.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\ntmarta.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\WinTypes.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\wsock32.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\version.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_*\comctl32.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\winmm.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\mpr.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\wininet.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\userenv.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\uxtheme.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\IPHLPAPI.DLL
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\winmmbase.dll
    C:\Program Files (x86)\Excubits\MemProtect\Tools\Admin Tool.exe>C:\Windows\System32\dwmapi.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Program Files (x86)\Google\Update\1.3.33.17\goopdate.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\IPHLPAPI.DLL
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\version.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\msi.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\netapi32.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\userenv.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\wtsapi32.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.228_none_42f2d07044deda9a\comctl32.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\msimg32.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\uxtheme.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\wininet.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\bcrypt.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\wkscli.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\netutils.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\cscapi.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\ntmarta.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\dbghelp.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\dbgcore.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\netjoin.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\joinutil.dll
    C:\Program Files (x86)\Google\Update\GoogleUpdate.exe>C:\Windows\SysWOW64\iertutil.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\System32\*.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\System32\winspool.drv
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_*\comctl32.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\69.0.3497.72\chrome_elf.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\69.0.3497.72\chrome_child.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\69.0.3497.72\libegl.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\69.0.3497.72\libglesv2.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\69.0.3497.72\chrome_watcher.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f5be1f8d25335236\nvldumdx.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f5be1f8d25335236\nvwgf2umx_cfg.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_*\GdiPlus.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\NVIDIA Corporation\Ansel\Tools\NvCameraWhitelisting64.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\TortoiseGit\bin\TortoiseGitStub.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\TortoiseGit\bin\TortoiseGit.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\TortoiseGit\bin\libgit2_tgit.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\TortoiseGit\bin\gitdll.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\TortoiseGit\bin\msvcp140.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\TortoiseGit\bin\vcruntime140.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\TortoiseGit\bin\zlib1_tgit.dll
    C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files\TortoiseGit\bin\crshhndl.dll
    [MODULEBLACKLIST]
    [EOF]
     
    Last edited: Aug 30, 2018
  15. 4Shizzle

    4Shizzle Registered Member

    Joined:
    May 27, 2015
    Posts:
    177
    Location:
    Europe
    @Floyd 57: What demo are you using? The current demo from the website does not support files >~ 500kb in my test here. So if you can load large files, do you have the full version? Or a beta?

    I haven't tested a big ini file, but in my test it worked with little lag. Maybe your other security tool intercepts and so the drivers delay each other. I would suggest you try with a clean system (VM) that does not have too many sec tools installed at the same time; if it then lags, it is a problem with memprotect.

    Your current memprotect config looks decent to me. I would not expect issues, but will also try it with minor changes to fit my config here.
     
  16. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    Hmm... Memprotect demo? :D It's not the full version cuz I haven't bought it, the manual says Version 1.1.0 (July 2017) (both of the manuals, in the root memprotect folder and tools folder), and I remember using memprotect_demo.exe (or something like that, which I have now deleted). I'll test it later, gonna make a quick macrium image, uninstall (sc delete memprotect) memprotect drivers, delete folders/registry keys, and then unpack it again using the memprotect demo exe from the excubits site (just like when I first installed it :rolleyes:). If the "new" one doesn't work, then I'll revert back and see what could be causing this mighty bug, and then I'll test to see if I can find what's causing the performance hit. Might be worth noting that I installed memprotect drivers with cmd since my .inf files don't have "Install" in the context menu:

    C:\WINDOWS\system32>infdefaultinstall "C:\Program Files (x86)\Excubits\MemProtect\x64\MemProtect.inf"


    Decent might be a strong word for my config at this point of time in terms of completion, but the former (word) isn't a weak one either. I haven't run much software, but at least the windows ones are (mostly) covered. Default-deny drastically reduces the exploitable attack vectors of the processes (duh), and once you take the initial time to configure it, you won't have to change the config (much), besides new software installs and major updates (perfect for locking down machines, not so much if you can't recognize your machine from week-to-week, but then that's why there's an off button right). I'm surprised (or am I) that no one here has done (or posted) a default-deny setup, I just LOVE manually doing stuff, you might say I have a no-GUI fetish :isay:
     
    Last edited: Aug 30, 2018
  17. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    Nazi mods removed my post where I showed an image of a part of my discussion with Florian - "Post Removed Due to Public Posting of a Private Communication - Read Our Terms of Service Please!", so I'm just gonna say that the issue is solved and that Florian confirmed that memprotect eats performance scaling with .ini size, so I've reduced my default-deny config from 600+ to just 65 lines, 8 kb in size:

    [LETHAL]
    [LOGGING]
    [#INSTALLMODE]
    [#DEFAULTALLOW]
    [MODULEFILTER]
    [WHITELIST]
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
    C:\Windows\explorer.exe>*
    C:\Windows\ImmersiveControlPanel\SystemSettings.exe>C:\Windows\explorer.exe
    C:\Windows\System32\*.exe>*
    C:\Windows\SysWOW64\runonce.exe>C:\Program Files (x86)\REDRAGON GAMING MOUSE\MMMon.exe
    C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_*\TiWorker.exe>C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\servicing\TrustedInstaller.exe>C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_*\TiWorker.exe
    C:\Windows\Microsoft.NET\Framework*\v4.0.30319\*.exe>C:\Windows\Microsoft.NET\Framework*\v4.0.30319\*.exe
    C:\Program Files\NoVirusThanks\EXERadarPro\*.exe>*
    C:\Program Files\NoVirusThanks\OSArmorDevSvc\*.exe>*
    C:\Program Files*\*\*.exe>C:\Program Files*\*\*.exe
    C:\Program Files*\*\*.exe>C:\Windows\explorer.exe
    C:\Program Files*\*\*.exe>C:\Windows\notepad.exe
    C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe>C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe>*
    C:\Program Files\Epic Games\Fortnite\FortniteGame\Binaries\Win64\FortniteClient-Win64-Shipping.exe>*
    C:\Program Files (x86)\Common Files\BattlEye\BEService.exe>*
    C:\Program Files\Macrium\Common\MacriumService.exe>C:\Windows\*.exe
    C:\Program Files\simplewall\simplewall.exe>C:\Windows\*.exe
    C:\Program Files (x86)\Excubits\*\Tools\Admin Tool.exe>C:\Windows\System32\cmd.exe
    [BLACKLIST]
    $*chrome.exe>C:\Windows\explorer.exe
    *chrome.exe>*
    [MODULEWHITELIST]
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Program Files (x86)\Google\Chrome Beta\Application\69.0.3497.72\*.dll
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\System32\*.dll
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\System32\*.drv
    !C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe>C:\Windows\WinSxS\amd64_microsoft.windows.common-controls*\comctl32.dll
    C:\Windows\explorer.exe>*
    C:\Windows\*.exe>C:\Windows\System32\*.dll
    C:\Windows\*.exe>C:\Windows\System32\*.drv
    C:\Windows\*.exe>C:\Windows\SYSWOW64\*.dll
    C:\Windows\*.exe>C:\Windows\SYSWOW64\*.drv
    C:\Windows\*.exe>C:\Windows\WinSxS\*.dll
    C:\Windows\*.exe>C:\Windows\*.exe
    C:\Windows\*.exe>C:\Program Files*\*\*.dll
    C:\Windows\*.exe>C:\Program Files*\*\*.exe
    C:\Windows\System32\rundll32.exe>C:\Windows\System32\*.cpl
    C:\Windows\*.exe>C:\Windows\assembly\NativeImages_v4.0.30319_??\*.ni.dll
    C:\Windows\*.exe>C:\Windows\Microsoft.NET\*.dll
    C:\Windows\*.exe>C:\Windows\ShellExperiences\*.dll
    C:\Windows\*.exe>C:\Windows\ImmersiveControlPanel\*.dll
    C:\Windows\*.exe>C:\Windows\servicing\*.dll
    C:\Program Files*\*\*.exe>C:\Windows\System32\*.dll
    C:\Program Files*\*\*.exe>C:\Windows\System32\*.drv
    C:\Program Files*\*\*.exe>C:\Windows\SYSWOW64\*.dll
    C:\Program Files*\*\*.exe>C:\Windows\SYSWOW64\*.drv
    C:\Program Files*\*\*.exe>C:\Windows\WinSxS\*.dll
    C:\Program Files*\*\*.exe>C:\Windows\notepad.exe
    C:\Program Files*\*\*.exe>C:\Program Files*\*\*.dll
    C:\Program Files*\*\*.exe>C:\Program Files*\*\*.exe
    C:\Program Files (x86)\SpeedFan\speedfan.exe>C:\Windows\SysWOW64\hhctrl.ocx
    C:\Program Files (x86)\SpeedFan\speedfan.exe>C:\Users\User\AppData\Local\Temp\sfa*00001.dll
    C:\Program Files (x86)\Excubits\*\Tools\Admin Tool.exe>C:\Windows\System32\cmd.exe
    [MODULEBLACKLIST]
    $*chrome.exe>C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
    $*chrome.exe>C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
    *chrome.exe>*
    [EOF]
     
  18. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    20,590
    The "Nazi" comment is also very unwelcome. There are rules to follow and they are enforced. You do have a choice.
     
  19. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    So, after another few emails, Florian told me that he'll test memprotect performance with 512kb ini and will try to optimize it, although he said there isn't much room for improvement from what he can see

    Also, ever since I updated chrome to 69.0.3497.81 which was yesterday, I started getting blockages from chrome in memprotect logs every 20-30 mins like these, I'm still getting them:

    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Program Files\NoVirusThanks\EXERadarPro\RadarPro.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Program Files\NoVirusThanks\OSArmorDevSvc\OSArmorDevUI.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Windows\System32\sihost.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Windows\System32\svchost.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Windows\System32\svchost.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Windows\System32\taskhostw.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Windows\System32\RuntimeBroker.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Program Files (x86)\Excubits\Bouncer\Tools\BouncerTray_x64.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Program Files\Shadow Defender\DefenderDaemon.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Program Files (x86)\Skype\Phone\Skype.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Program Files (x86)\REDRAGON GAMING MOUSE\MMMon.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Program Files (x86)\Excubits\Pumpernickel\Tools\Tray.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Program Files (x86)\Excubits\MemProtect\Tools\Tray.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    *** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe > C:\Windows\System32\ApplicationFrameHost.exe

    Those are all running processes on my system. I've been using chrome 69 for about a month cuz I'm on the Beta channel and I've never had such blockages, this is something new with the new version, last version I used before that was 69.0.3497.72, so from .72 to .81 something changed that caused this, I suppose, now if only I knew what the changes on the official changelog actually mean https://chromium.googlesource.com/chromium/src/+log/69.0.3497.72..69.0.3497.81?pretty=fuller&n=10000 that stuff's still a bit too technical for me

    Not blocking those memory operations will surely result in security holes, but I'm also curious what new feature or thing is causing them
     
  20. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    33,301
    Try to disable the following flag and see if it makes any difference:
    chrome://flags/#automatic-tab-discarding
     
  21. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    I emailed Florian about these blocks, let's see how it goes

    While I use A LOT of flags, I'll post them here, I haven't changed anything in chrome://flags since the last version, so that shouldn't be the problem:

    Override software rendering list
    Overrides the built-in software rendering list and enables GPU-acceleration on unsupported system configurations. – Mac, Windows, Linux, Chrome OS, Android

    #ignore-gpu-blacklist
    New history entries require a user gesture.
    Require a user gesture to add a history entry. – Mac, Windows, Linux, Chrome OS, Android

    #enable-history-entry-requires-user-gesture
    Hyperlink auditing
    Sends hyperlink auditing pings. – Mac, Windows, Linux, Chrome OS, Android

    #disable-hyperlink-auditing
    Smooth Scrolling
    Animate smoothly when scrolling page content. – Windows, Linux, Chrome OS, Android

    #smooth-scrolling
    Experimental QUIC protocol
    Enable experimental QUIC protocol support. – Mac, Windows, Linux, Chrome OS, Android

    #enable-quic
    GPU rasterization
    Use GPU to rasterize web content. Requires impl-side painting. – Mac, Windows, Linux, Chrome OS, Android

    #enable-gpu-rasterization
    Out of process rasterization
    Perform Ganesh raster in the GPU Process instead of the renderer. Must also enable GPU rasterization – Mac, Windows, Linux, Chrome OS, Android

    #enable-oop-rasterization
    GPU rasterization MSAA sample count.
    Specify the number of MSAA samples for GPU rasterization. – Mac, Windows, Linux, Chrome OS, Android

    #gpu-rasterization-msaa-sample-count
    UI Layout for the browser's top chrome
    Toggles between 1) Normal - for clamshell devices, 2) Hybrid (previously touch) - middle point for devices with a touch screen, 3) Touchable - new unified interface for touch and convertibles (Chrome OS), 4) Material Design refresh and 5) Touchable Material Design refresh. Enabling #upcoming-ui-features forces the Material Design refresh option. – Mac, Windows, Linux, Chrome OS

    #top-chrome-md
    Material Design in the rest of the browser's native UI
    Extends the --top-chrome-md setting to secondary UI (bubbles, dialogs, etc.). On Mac, this enables MacViews, which uses toolkit-views for native browser dialogs. If --top-chrome-md is effectively Material Design refresh, this option is enabled. – Mac, Windows, Linux, Chrome OS

    #secondary-ui-md
    Offline Auto-Reload Mode
    Pages that fail to load while the browser is offline will be auto-reloaded when the browser is online again. – Mac, Windows, Linux, Chrome OS, Android

    #enable-offline-auto-reload
    Only Auto-Reload Visible Tabs
    Pages that fail to load while the browser is offline will only be auto-reloaded if their tab is visible. – Mac, Windows, Linux, Chrome OS, Android

    #enable-offline-auto-reload-visible-only
    Default tile width
    Specify the default tile width. – Mac, Windows, Linux, Chrome OS, Android

    #default-tile-width
    Default tile height
    Specify the default tile height. – Mac, Windows, Linux, Chrome OS, Android

    #default-tile-height
    Simple Cache for HTTP
    The Simple Cache for HTTP is a new cache. It relies on the filesystem for disk space allocation. – Mac, Windows, Linux, Chrome OS

    #enable-simple-cache-backend
    Zero-copy rasterizer
    Raster threads write directly to GPU memory associated with tiles. – Mac, Windows, Linux, Chrome OS, Android

    #enable-zero-copy
    Number of raster threads
    Specify the number of raster threads. – Mac, Windows, Linux, Chrome OS, Android

    #num-raster-threads
    Extension Content Verification
    This flag can be used to turn on verification that the contents of the files on disk for extensions from the webstore match what they're expected to be. This can be used to turn on this feature if it would not otherwise have been turned on, but cannot be used to turn it off (because this setting can be tampered with by malware). – Mac, Windows, Linux, Chrome OS

    #extension-content-verification
    New style notification
    Enables the experiment style of material-design notification – Mac, Windows, Linux, Chrome OS

    #enable-message-center-new-style-notification
    Tab audio muting UI control
    When enabled, the audio indicators in the tab strip double as tab audio mute controls. This also adds commands in the tab context menu for quickly muting multiple selected tabs. – Mac, Windows, Linux, Chrome OS

    #enable-tab-audio-muting
    Reduce default 'referer' header granularity.
    If a page hasn't set an explicit referrer policy, setting this flag will reduce the amount of information in the 'referer' header for cross-origin requests. – Mac, Windows, Linux, Chrome OS, Android

    #reduced-referrer-granularity
    Strict site isolation
    Security mode that enables site isolation for all sites. When enabled, each renderer process will contain pages from at most one site, using out-of-process iframes when needed. When enabled, this flag forces the strictest site isolation mode (SitePerProcess). When disabled, the site isolation mode will be determined by enterprise policy or field trial. – Mac, Windows, Linux, Chrome OS, Android

    #enable-site-per-process
    Top document isolation
    Highly experimental performance mode where cross-site iframes are kept in a separate process from the top document. In this mode, iframes from different third-party sites will be allowed to share a process. – Mac, Windows, Linux, Chrome OS, Android

    #enable-top-document-isolation
    WebXR Device API
    Enables access to experimental APIs to interact with Virtual Reality (VR) and Augmented Reality (AR) devices. – Mac, Windows, Linux, Chrome OS, Android

    #webxr
    Oculus hardware support
    If enabled, Chrome will use Oculus devices for VR (supported only on Windows 10 or later). – Windows

    #oculus-vr
    V8 caching mode.
    Caching mode for the V8 JavaScript engine. – Mac, Windows, Linux, Chrome OS, Android

    #v8-cache-options
    Block scripts loaded via document.write
    Disallows fetches for third-party parser-blocking scripts inserted into the main frame via document.write. – Mac, Windows, Linux, Chrome OS, Android

    #disallow-doc-written-script-loads
    Enable AppContainer Lockdown.
    Enables the use of an AppContainer on sandboxed processes to improve security. – Windows

    #enable-appcontainer
    Enable offering upload of Autofilled credit cards
    Enables a new option to upload credit cards to Google Payments for sync to all Chrome devices. – Mac, Windows, Linux, Chrome OS, Android

    #enable-autofill-credit-card-upload
    FontCache scaling
    Reuse a cached font in the renderer to serve different sizes of font for faster layout. – Mac, Windows, Linux, Chrome OS, Android

    #enable-font-cache-scaling
    Framebusting requires same-origin or a user gesture
    Don't permit an iframe to navigate the top level browsing context unless they are same-origin or the iframe is processing a user gesture. – Mac, Windows, Linux, Chrome OS, Android

    #enable-framebusting-needs-sameorigin-or-usergesture
    Optimize background video playback.
    Disable video tracks when the video is played in the background to optimize performance. – Mac, Windows, Linux, Chrome OS, Android

    #disable-background-video-track
    Enable new Print Preview UI
    If enabled, Print Preview will display a newer UI. This feature is activated if either this flag or #upcoming-ui-features is enabled. – Mac, Windows, Linux, Chrome OS

    #enable-new-print-preview
    NoState Prefetch
    If enabled, pre-downloads resources to improve page load speed. – Mac, Windows, Linux, Chrome OS, Android

    #enable-nostate-prefetch
    Enable the New App Menu Icon
    Use the new app menu icon with update notification animations. – Mac, Windows, Linux, Chrome OS

    #enable-new-app-menu-icon
    Sound content setting
    Enable site-wide muting in content settings and tab strip context menu. – Mac, Windows, Linux, Chrome OS, Android

    #sound-content-setting
    Improved Language Settings
    Set of changes for Language Settings. These changes are intended to fix the major bugs related to Language Settings. – Mac, Windows, Linux, Chrome OS, Android

    #enable-improved-language-settings
    Parallel downloading
    Enable parallel downloading to accelerate download speed. – Mac, Windows, Linux, Chrome OS, Android

    #enable-parallel-downloading
    New Media Controls
    Enables the new style native media controls. – Mac, Windows, Linux, Chrome OS, Android

    #enable-modern-media-controls
    Enable GPU AppContainer Lockdown.
    Enables the use of an AppContainer for the GPU sandboxed processes to improve security. – Windows

    #enable-gpu-appcontainer
    Enable lazy frame loading
    Defers the loading of certain cross-origin frames until the page is scrolled down near them. – Mac, Windows, Linux, Chrome OS, Android

    #enable-lazy-frame-loading
    New Tab Page Material Design UI
    Updates the New Tab Page with Material Design elements. – Mac, Windows, Linux, Chrome OS

    #ntp-ui-md

    Automatic tab discarding is set at default, I disabled it and right after reopening chrome again to apply the changes I got the blockages again :D And then 20 mins later too
     
  22. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    Those blockages occur also when going to chrome://gpu for me, so I have seen it before. Essentially, for whatever reason (I don't know), chrome.exe is polling all running processes when viewing that page. That is just what Chrome does by design. I don't bother creating rules for all of those blockages though and just let the blockages occur. The problem is that it is normal, expected behaviour from chrome.exe and therefore there likely is not much that can be done from a development perspective.
     
  23. Floyd 57

    Floyd 57 Registered Member

    Joined:
    Mar 17, 2017
    Posts:
    548
    Location:
    Europe
    But it never did it before for me...

    Anyway, the PAST is the PAST, no point in wondering "Why chrome does this" now, the important thing is the PRESENT and the FUTURE, so let's think for the FUTURE - how to stop these blocks? They are harmless cuz my chrome hasn't had any problem with memprotect blocking it, BUT, I really dislike memprotect becoming red every 20 mins. SOOO, it's TIME to use $ rules! Now the question is, how do you write them so that they don't use much space (cuz u know, memprotect gets slower with larger .ini and when my memprotect config is 70 lines, adding another 10 for example is an additional 14.3% increase of lines! DISASTER!!!!) How do you make a general rule for so many different exes? There's C:\Windows\notepad.exe (also explorer.exe that I've already silenced), there's C:\Windows\System32 stuff, there's C:\Windows\SystemApps\...\ShellExperienceHost.exe, there's C:\Program Data and C:\Program Files and C:\Program Files (x86) stuff too, so basically that includes 90+% of exes that run on my system, so my preferred method of silence would be like $*chrome.exe>C:\*.exe so that it only takes 1 line (will replace the explorer.exe line), but then what if in the future chrome actually needs legit access for something? Like that children's story/tale with the wolf and the boy "look look there's a wolf eating the sheep! LOL JK BRO JUST A PRANK HHAHAHA CALM DOWN ITS JUST A JOKE LOLOLOL! *wolf actually comes* GUYS FOR REAL THE WOLF IS HERE *nobody comes* " So if I include that silent rule, and chrome ever needs legit access to another exe (which it has never needed for anything else other than chrome.exe in the recent years) then I'll have to do a periodic check to see how my boy chrome is doing, which is annoying cuz it takes time... But you gotta make SACRIFICES for the greater good of security, right? What would life be if there weren't challenges! We don't want EASY life!!
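
    An added example, not part of any post in this thread: a sketch for checking which logged blocks a candidate set of `$` (silent) blacklist rules would stop showing, using the log format posted above. The wildcard matching (`*` for any run of characters, `?` for one character, case-insensitive) is an assumption rather than MemProtect's own matcher, and the last sample target (a Temp path) is constructed.

```python
import re
from collections import Counter

CHROME = r"C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe"
# Targets taken from the log posted above; the last one is constructed (hypothetical).
TARGETS = [
    r"C:\Windows\System32\sihost.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe",
    r"C:\Program Files (x86)\Skype\Phone\Skype.exe",
    r"C:\Program Files\Shadow Defender\DefenderDaemon.exe",
    r"C:\Users\User\AppData\Local\Temp\hypothetical.exe",
]
SAMPLE_LOG = "\n".join(
    f"*** excubits.com demo ***: 2018/09/05_14:39 > MEMORY > {CHROME} > {t}" for t in TARGETS
)

def parse_line(line):
    """Split one log line into time, type, source and target; None if malformed."""
    parts = [p.strip() for p in line.split(" > ")]
    if len(parts) != 4 or not parts[0].startswith("***"):
        return None
    return {"time": parts[0].rsplit(" ", 1)[-1], "type": parts[1],
            "source": parts[2], "target": parts[3]}

def wildcard(pattern):
    """Assumed semantics: '*' = any run of characters, '?' = one, case-insensitive."""
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(body, re.IGNORECASE)

def parse_rule(rule):
    """'$src>dst' or '!src>dst' -> (source regex, target regex); the prefix is dropped."""
    src, dst = rule.lstrip("$!").split(">", 1)
    return wildcard(src), wildcard(dst)

def coverage(rules, events):
    """Return (silenced, still_logged) target lists for a set of candidate rules."""
    compiled = [parse_rule(r) for r in rules]
    silenced, logged = [], []
    for ev in events:
        hit = any(s.fullmatch(ev["source"]) and t.fullmatch(ev["target"]) for s, t in compiled)
        (silenced if hit else logged).append(ev["target"])
    return silenced, logged

EVENTS = [e for e in map(parse_line, SAMPLE_LOG.splitlines()) if e]
BROAD = [r"$*chrome.exe>C:\*.exe"]          # the one-line rule proposed in the post
NARROW = [                                   # hypothetical per-directory alternative
    r"$*chrome.exe>C:\Windows\System32\*.exe",
    r"$*chrome.exe>C:\Windows\SystemApps\*.exe",
    r"$*chrome.exe>C:\Program Files*\*.exe",
]

if __name__ == "__main__":
    print(Counter(e["target"] for e in EVENTS).most_common(3))
    for name, rules in (("broad", BROAD), ("narrow", NARROW)):
        silenced, logged = coverage(rules, EVENTS)
        print(f"{name}: {len(silenced)} silenced, still logged: {logged}")
```

    With the sample above, the one-line rule silences every event including the Temp target, while the three narrower rules leave that one entry in the log.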
     
  24. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    2,587
    Location:
    Toronto, Canada
    One possibility would be for Florian to create another configuration character (such as $, ?, *, etc.) which would do no logging and no blocking. That way we can ensure that these harmless actions are not filling up the logs or blocking and causing problems.

    These blocks are not occurring for me, with the exception of chrome://gpu which I can reproduce. So I am not entirely sure what is different about your setup to cause chrome.exe to keep polling all running processes.

    I agree; I am a fan of challenges. It keeps our minds moving. :thumb:
     
  25. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    33,301
    just put it on the whitelist = not logged and not blocked :cautious:
     