Windows Defender - Protected memory access question

Discussion in 'other anti-virus software' started by act8192, Nov 28, 2019.

  1. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,660
    I do have Controlled Folder setting in WD turned on and understand some pieces.
    Recently I saw two applications apparently trying to access protected memory.
    Can someone explain to me in plain English what these events mean.
    To me DR0 indicates some volume, perhaps system reserved. EDIT: No, it's my main and only hard drive.
    And HardDisk Vol3 is the windows10 partition. Neither sound like memory.
    Please speak to me like you would to a five year old.
    WD-EEK-block-.jpg WD-WinSAT-block-.jpg
    EEK ran on 1809, few hours before 1903 installation on Nov23. EEK is emsisoft's.
    WinSAT log item is on 1903. WinSAT is Microsoft's some kind of a system assessment tool.

    Moderators: if this should be in the Windows Defender thread, please move it.
     
    Last edited: Nov 29, 2019
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,904
    Location:
    U.S.A.
  3. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,660
    Thanks much. Good link. Note post #4 - this memory thing seems to be a puzzle to shmu26.

    Aha, I do have Exploit Guard set. Hmmm.

    It wasn't inadvertent. I followed pages 99 and 100 in the Windows Defender thread
    https://www.wilderssecurity.com/thr...ntivirus-that-windows-10-needs.383448/page-99
    so I used group policy using the ghacks and Microsoft's list. I did it in September and completely forgot about it.

    But that still does not point me into the Memory thing when WD complained about a whole drive as well as the Windows volume. As I reread the MS blurb about ASR, I'm not finding stuff about protected memory. But actually I don't understand many of those words or how these things work starting with whose memory? :(
     
    Last edited by a moderator: Nov 30, 2019
  4. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,660
    Me again :(
    I still don't understand what memory has to do with access to drives, volumes, or, now, even the CD/DVD player inside my laptop. Powermgr.exe is a Lenovo power manager. What memory plays a role in the alerts I get several times a day? Unrelated to actually using the player which works just fine in spite of WD objecting to something. Typical entry:
    WD-PwrMgr-block-cdRom-.jpg
     
  5. Pat MacKnife

    Pat MacKnife Registered Member

    Joined:
    Mar 31, 2014
    Posts:
    532
    Location:
    Belgium
  6. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,660
    @Pat MacKnife,
    Thanks, but I'd like to keep it. I'm just trying to understand the memory reference. Please note the headings in my screenies. Compare to this, understood, folder access:
    WD-ProtFolder-WMP-desktop-block.jpg
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.