PG - ctfmon.exe - global hooks Question?

Hi All,

My question is re: ctfmon.exe and PG ... log shows ctfmon.exe being blocked as follows :

29 Apr 20:10:19 - [HOOK] c:\windows\system32\ctfmon.exe [612] was blocked from creating a global Shell hook [0000000A][00000000]
29 Apr 20:10:19 - [HOOK] c:\windows\system32\ctfmon.exe [612] was blocked from creating a global GetMessage hook [00000003][00000000]
29 Apr 20:10:19 - [HOOK] c:\windows\system32\ctfmon.exe [612] was blocked from creating a global CBT hook [00000005][00000000]

Should I config to allow these hooks? Or do I have something protected I shouldn't have ... I have change it for now; to allow the hooks for this process in the options drop down box in the bottom right by check off that box ... but is that correct? I googled ctfmon.exe to find out more about the process ... (description below) ... and figure it was OK.

ctfmon - ctfmon.exe - Process Information
Process File: ctfmon or ctfmon.exe
Process Name: Alternative User Input Services
Description: A service that handles the Alternative User Input Text Processor (TIP) and the Microsoft Office Language Bar. It provides text input support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.
Company: Microsoft Corp.
System Process: Yes
Security Risk ( Virus/Trojan/Worm/Adware/Spyware ): No
Common Errors: N/A


Thanks in advance for the help.

dog -

 

Blocking global hooks is for advanced users, and is experimental. I personally dont recommend the average user touch this setting

YES - You should allow this to create a hook, since you know what the program is.. especially a system file

 

Thanks Gavin ...

I like experimental ... lol ... running into problems and learning the what, how and why ... will only help me improve my abilities and knowledge. Besides I got you wonderful DCS and Wilders folks to bail me out ... and teach me those what, hows, and whys. It's the Learning I enjoy and appreciate most. There's no learning experience like messing up.

If I run into any big problems ... I'll do as you suggested.

Thanks for both the answer and advice.

dog -

 

Hi dog

I believe ctfmon.exe comes along with both XP and Office XP.
I had no problem with it when I just had Windows XP because I disabled it on start up. It stayed disabled, was no problem and I virtually forgot about it.

However I recently installed Office XP Pro and ctfmon.exe was a real PITA. After every reboot, on opening IE (which I only use for Windows updates) and Outlook, DCS's RegProt would pop up and ask permission to allow change in reg key. This was extremely irritating. It would not stay disabled on startup and kept reappearing.

Did some research and discovered that ctfmon.exe is only used by the Windows Speech and text service which I do not use. Did a bit of googling and discovered how to stop it running altogether, which I have done. This way there is no need to bother PG with its unwelcome presence. Microsoft Knowlege Base Article 282599 refers and will tell you exactly how to completely disable it.

HTH

 

I've had
4. Block Global Hooks checked
right from the beginning and haven't noticed any problems.

 

and if there's a trusted program the really needs Global Hooks, change it's Options to
Allow Global Hooks - checked

 

Hi JW Clements

Thanks for your input.
Appreciate what you're saying.. but.. there have been quite a few threads on the forum about various apps that react adversely to the GPO Block Global Hooks.

In my own case BOClean 4.11 would not fire up on boot/reboot for a good 50% plus of the time. However, there have been various other threads where other apps didn't like Block Global Hooks. It is a known problem and will hopefully be sorted by the next version of PG.

Plus, in this very thread, Gavin himself mentions (not for the first time) that Block Global Hooks is pretty much experimental and not for the average user (me)... more for experts, which I certainly am not!!

Pro tem, I run PG with the first three GPO's ticked and have no problems with any app, but I will leave the Global Hooks one for the future when there has been a little "sorting out" on it.

However, to bring this back on topic (ctfmon.exe), unless you use windows speech/text service, IMHO the best thing is to get rid of it for good!!

Regards

 

Dog and all,

Ctfmon.exe is necessary for those who use other languages in addition to English on an English version of MS Office. But rather than be called when the actual language is used, it's Microsoft bloating way to load stuffs just in case.

To have PG deal with hooks was a brilliant idea (among others) from DiamondCS. This option makes life more difficult for Trojans who want to communicate their loots to their owners. As many powerful tools, it may cause tripping. However, Gavin, I hope you're not going to get rid of this parameter: just warn users with a small note next to the Hooks option.

I often use a second monitor to just display the PE log. As I see trouble like these hook denials, I follow Gavin's idea that if a system file wants a hook, accommodate that program. However, I'd like to point out that some programs react in a funny way to PG. While Sidekick 98 got happy as soon as it got hook permission, this permission was not enough for Quicken 2001. The password Window for Quicken's data file would not proceed gracefully and I have to disactivate PG to get Quicken going. There are other programs that don't work when PG is active.

Is it PG which needs improving or is it Quicken 2001 and some others that don't know how to behave properly in tight spaces (though Quicken seems better written than the average program)?

Pigitus

 

Peter2150,

Thanks for your suggestion about turning on "Close Message Handling". Actually, further testing of this problem revealed this:

1. Even when all 3 PG option flags are checked for Quicken, it refuses to open on a desktop (600MHz, 512MB)

2. The same Quicken runs fine with just one PG option flag checked (global hooks) on a laptop (2.2 GHz, 512MB).

Global PG options were the same on both machines and local PG options were the same for the 2 Quicken EXE files.

Did you say "strange"? But I am not seriously submitting this puzzle to anyone any further, except for this: the machine that refused to run Quicken under active PG is also the one that kicked PG off once, with all the protected programs kicked out. But since I reinstalled PG on that machine, PG has been running well. I hope this serves as some sort of clue to DCS.