ProcessGuard and CD drives

Discussion in 'ProcessGuard' started by knowbodynow, Aug 17, 2005.

Thread Status:
Not open for further replies.
  1. knowbodynow

    knowbodynow Guest

    Hello,

    Every time I use the CD drive I get a message from ProcessGuard:

    Launched by: c:\windows\system32\svchost.exe
    Command Line: rundll32.exe shell32.dll,activate_rundll
    Company Name: Microsoft Corporation
    File Size: 32KB

    I deny it each time. Is it possible to get ProcessGuard to ignore putting in a CD or taking it out? I hesitate to check the "always perform this action" check box as I'm not exactly sure what I would be allowing/denying since svchost.exe is involved.

    Thanks

    CaH
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi knowbodynow, It is a trusted process and therefore should be allowed - They are all trusted system processes that are protected so there should be no problem allowing it always. :)

    Pilli
     
  3. knowbodynow

    knowbodynow Guest

    Thanks Pilli,

    I just wondered if something could hijack that process and if it has been allowed do something in the background that I was unaware of. I'm thinking of rootkits and the like. But, not knowing what is possible, perhaps I am being paranoid?

    CaH
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    No problem :) There is a slight risk always allowing run32dll as is there with services.exe as they could possibly be utilized by malware but if it is annoying then, on balance, the risk is miimal.

    Pilli
     
  5. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, knowbodynow

    It is properly caused by having autoplay Enabled for CD-DVD Drives and Removable Drives [flash drives], it you download TweakUI [Microsoft Powertoy tool] you can turn autoplay off, then it wiil not scan for a autostart file on the Media.

    Microsoft PowerToys for Windows XP

    Take Care,
    TheQuest :cool:
     
  6. knowbodynow

    knowbodynow Guest

    Thanks,

    I thought the same way but I have TweakUI and autoplay is off. Something else must be causing this?

    CaH
     
  7. TheQuest

    TheQuest Registered Member

    Joined:
    Jun 9, 2003
    Posts:
    2,301
    Location:
    Kent. UK by the sea
    Hi, knowbodynow

    The only other thing I can think that could make happen is a Burning Progarm, ie Nero which checks CD\DVD when loaded by default.

    Take Care,
    TheQuest :cool:
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Thats autoplay.. try inserting a CD with the SHIFT key held down

    I very much dislike auto insert notification in XP, most CD burning software detects it is enabled and asks me to turn it off. YES PLEASE I say :)
     
  9. knowbodynow

    knowbodynow Guest

    I tried inserting a CD while holding shift key. ProcessGuard still came up. I have Nero 5.5 but nothing is loaded at startup and in any case I can't see any preferences that would do this. I wonder what is causing this.

    CaH
     
  10. o_O

    o_O Guest

    Hmm strange one o_O
     
Thread Status:
Not open for further replies.