WMIADAP.EXE is "ignoring" its own PG settings

I'm running PG 1.200 on WinXP. The screen shot says it best: I have "C:\WINDOWS\system32\wbem\wmiadap.exe" in PG's list (actually, I think it was there by default), and it has every possible "Allow" privilege.

Still, however, I see log entries that tell me that WMIADAP.EXE "tried to gain WRITE, TERMINATE, SET INFO, SUSPEND" access on" every entry in the PG list. This happens pretty frequently. It's as if the "Allow" settings for WMIADAP.EXE are being ignored.

Screen shot (JPG, 127 KB)

 

seems to be a bug somewhere, indeed, if you look at your SS carefully, you will notice that

c:\windows\system32\wbem\wmiadap.exe

is protected and allowed, while

\\?\c:\windows\system32\wbem\wmiadap.exe

is blocked. The path is different, and "\\?\" doesn't mean anything to my eyes.

I'm sure you will have news from DCS tomorrow.

 

The screenshot is not available, at least when I just tried to click on it, so I cannot see it.

-Jason-

 

Does this one work:
http://home.rochester.rr.com/bootitng/images/00004658.JPG

 

Sorry, the image is pretty large, so I didn't want to imbed it. I also forgot that I have the ASCII log enabled, and that I could get the output from there as well. So here is an excerpt from it:

\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\smss.exe [384]
\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\csrss.exe [460]
\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\winlogon.exe [484]
\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\services.exe [528]
\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\lsass.exe [540]
\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\svchost.exe [704]
\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\svchost.exe [784]
\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\svchost.exe [828]
\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\explorer.exe [976]
\\?\c:\windows\system32\wbem\wmiadap.exe [PID] tried to gain WRITE,TERMINATE,SET INFO,SUSPEND access on c:\windows\system32\spoolsv.exe [980]

There are a ton of these entries; this is only a portion of them. There is one entry for every instance of every program I have in PG's list at the time WMIADAP.EXE runs (for example, APACHE.EXE is in PG's list, and when WMIADAP.EXE runs, it creates a log entry like the above twice for APACHE.EXE--because Apache uses two instances when it runs).

 

Thanks. I'm such a moron when it comes to handling images. If I'd just used a PNG like I usually do, there would have been no problem.

 

Thanks, this has been fixed for PG1.250

-Jason-