Topic: Need some Defense+ help please...
aguyonapc
Newbie
Posts: 13


« on: February 20, 2012, 09:06:06 PM »

I have some folders blocked (Computer Security Policy -> Blocked Files) and when I look in the Defense+ events list I see many programs trying to access them. explorer.exe, notepad.exe, iexplore.exe, and some other programs I've installed are all trying to access the blocked folders. Anyone know what may be going on here? I'm running Windows 7 64-bit.

aguyonapc
« Reply #1 on: February 21, 2012, 01:02:03 PM »

Does anyone know what's going on here?
It may or may not be a big deal, but it's got me curious.
Maybe my first post didn't fully explain.

In Defense+ -> View Defense+ Events I see...

Application: C:\Windows\explorer.exe
Flags: Block File
Target: target is the blocked folder

I'm also seeing iexplore.exe, notepad.exe, and some other programs like Photoshop giving the same thing.
I can't figure out what is causing it.  The ones that have me most confused are notepad.exe and iexplore.exe as I have no idea why they'd be trying to access my folders.

« Last Edit: February 21, 2012, 01:05:31 PM by aguyonapc »

aguyonapc
« Reply #2 on: February 24, 2012, 01:34:15 PM »

So far, the programs that have tried to access the blocked folders...

explorer.exe
iexplore.exe
notepad.exe
wmplayer.exe
photoshop.exe (and some other art software I use)
Azureus.exe
cfplogvw.exe

Is there a reason these programs should try to access blocked folders?  Some of them at seemingly random times?  Photoshop and other art software I can understand, and they only do it when I open them.  Wmplayer and Vuze only do it when I open them too, but I'm not sure why.  The other programs I do not understand why they would try to access a blocked folder.

clockwork
Comodo's Hero
Posts: 1919
Oxygen requires Chuck Norris to live
« Reply #3 on: February 27, 2012, 10:05:32 AM »

> explorer.exe
> iexplore.exe
> notepad.exe
> wmplayer.exe
> photoshop.exe (and some other art software I use)
> Azureus.exe
> cfplogvw.exe
>
> Is there a reason these programs should try to access blocked folders?

Important would be, which folders? And why did you block them?

"If there is a problem, it`s something interesting. Try to circumvent or fix it.
In the old ages there was no support. That`s why we got the brain we have today.
Otherwise we would only be able to call a number and listen."
aguyonapc
« Reply #4 on: February 27, 2012, 11:32:49 PM »

Well they are folders on my work partition containing my work files and stuff.
They're blocked so people can't access them (at least that's the idea).
I'm not sure why something like notepad.exe or iexplore.exe would try to access them.

Arsh de Grand
Comodo Family Member
Posts: 64
Helper
« Reply #5 on: February 28, 2012, 01:37:45 PM »

Umm, it seems you got a key-logger or rootkit in your system. Or maybe it's just normal.

windows 7 ultimate x64 l KIS 12 l CCC l Intel i5 l HD 500 GB l RAM 4 GB DDR3
Graphic  ATI Mobility Radeon HD 5470 1 GB l  Google chrome l mawarebytes l hitman pro.
clockwork
« Reply #6 on: February 28, 2012, 05:45:29 PM »

> Umm, it seems you got a key-logger or rootkit in your system. Or maybe it's just normal.

One of the most random answers I have seen ;)

> Well they are folders on my work partition containing my work files and stuff.
> They're blocked so people can't access them (at least that's the idea).

You should not use a host intrusion program to manage access to folders for people who are using your computer. Have you tested the effectivity, and the possible side effects? Better use something like TrueCrypt.

> I'm not sure why something like notepad.exe or iexplore.exe would try to access them.

I can not explain this. Just in case, make a virus scan.

When did this start?

John Buchanan
The greatest victory comes from the battle within.
Global Moderator
Comodo's Hero
Posts: 5419
Personal Dragons can be defeated. Improve yourself
« Reply #7 on: February 28, 2012, 06:26:41 PM »

> One of the most random answers I have seen

Forgive. No disrespect intended.
But ROFL! It just came out funny.
« Last Edit: February 28, 2012, 06:33:28 PM by John Buchanan »

Please follow Comodo Forum Policy
aguyonapc
« Reply #8 on: February 29, 2012, 03:56:51 PM »

> You should not use a host intrusion program to manage access to folders for people who are using your computer. Have you tested the effectivity, and the possible side effects? Better use something like TrueCrypt.

It's just something I do sometimes when a certain person may be near my PC. She would have no idea how to get around it. I know it's not the best way, but it's quick.

> I can not explain this. Just in case, make a virus scan.
>
> When did this start?

I'm not sure exactly when it started.
I noticed it a few weeks ago, but I wasn't really paying attention to things at the time.

I have scanned with a bunch of scanners (Malwarebytes, Superantispyware, ESET Online, Hitman Pro, Bit Defender, etc.). None show anything. Have also done a rootkit scan (gmer) but don't know how to interpret the results.

clockwork
« Reply #9 on: February 29, 2012, 05:39:47 PM »

If a person who uses a security product would need to block "files" without indication, to notice an infection by looking in the logs of these volunteer blocks, we would be lost :D
(I don't exclude possibilities with this. Just say, we would be lost ;) )

Did you use your "art software" for something in those folders? What happens if you move these folders, or give them other names?

> Is there a reason these programs should try to access blocked folders?

The programs don't know that these folders are blocked. The question should be: What function do these programs have to access folders, and when are they doing this?

TrueCrypt is free. You could inform yourself about its benefits.

aguyonapc
« Reply #10 on: February 29, 2012, 06:54:31 PM »

> The question should be: What function do these programs have to access folders, and when are they doing this?

That's more or less what I need to know... why would they do this?

I can understand why Photoshop and stuff like that might want to access the files.
notepad.exe and iexplore.exe are the ones that have me most curious as I can't think of a reason.

I do use TrueCrypt for some things, but just blocking folders through Comodo is quick and easy.
Maybe I should just stop doing it that way.
« Last Edit: February 29, 2012, 06:56:27 PM by aguyonapc »

clockwork
« Reply #11 on: March 02, 2012, 04:57:24 PM »

> What happens if you move these folders, or give them other names?

That way we would at least know if they try to access them still, and when this would start.

aguyonapc
« Reply #12 on: March 02, 2012, 06:08:35 PM »

If I try to move a blocked folder I get this D+ event...

Application: C:\Windows\explorer.exe
Flags: Block File
Target: target is the blocked folder

I also get a Windows message saying 'Folder Access Denied'.
If I click on 'Continue' and put in my admin password I get this...

Application: C:\Windows\System32\dllhost.exe
Flags: Block File
Target: target is the blocked folder

I will unblock the folders, rename them, and then block them again to see what happens.
It seems to be happening to any folder I block with Comodo.

clockwork
« Reply #13 on: March 02, 2012, 07:23:53 PM »

No, I meant, move the folders or rename them, so we can see the behaviour of the files that try to access them.
If nothing is logged then, the files had a specific "reason".

Of course, don't forget to make the rules for that path too :)

aguyonapc
« Reply #14 on: March 02, 2012, 09:00:44 PM »

So far I have no new entries in my D+ log since renaming the folders.