C:\Windows\system32\WinMsgBalloonClient.exe keeps asking permission to run

C:\Windows\system32\WinMsgBalloonClient.exe asks every computer startup permission to run. What should i do?

It doesn’t help to tell Comodo to always trust it.

It started after installing motherboard drivers. My motherboard is Asus M4A87TD/USB3.

I use Win 7 Home 64 bit.

What alert do you get? Can you show a screenshot of it?

Hey and Welcome maturu.

I have googled and I am almost sure you have downloaded malware.

look here http://www.bestregistrycare.com/exe-errors/WinMsgBalloonClient.exe.html and here

i recommend you to download malwarebytes (www.malwarebytes.org), update it and make first a quick scan, and then a fullsystem scan.

were you download it from? answer through PM (click on Valentinchen and Send this member a personal message.)


This is from a while ago and i think the file is to do with RAIDXpert (as it`s in the system32 folder). If not resolved could you get an md5 of said file.

Check yours with the one at VirusTotal http://www.virustotal.com/file-scan/report.html?id=d9b99af89ec1d335d7437bb94b393770762a2dbeb4153fae1c458fbbe9c646b0-1290340379


Here is the screenshot.

[attachment deleted by admin]

Have you checked the files hash or sent it to VirusTotal?

Maybe try going to Defence+ ->Computer Security Policy-> Click on “Add” then “Select”-> Browse to the file in the System32 folder and double click it-> Check “Use a pre-defined policy” and choose “Installer or Updater” → APPLY then OK. Check to see Computer Security Policy lists the file with the correct policy.


Malwarebytes found nothing.

File seems to be in SysWOW64 folder and not in system32 so it is 32 bit program and SysWOW64\WinMsgBalloonClient.exe was already in trusted files.

VirusTotal found nothing →

What next?

I did that “Installer or Updater” thing to C:\Windows\SysWOW64\WinMsgBalloonClient.exe with no results. Same window asked permission after restart.

What next?
And thanks for helping me out of this.

from where did you installed your motherboard drivers?

I downloaded them from Asus
http://www.asus.com/product.aspx?P_ID=nlWYrI9wlNIYHAaa&content=download and I chose Win 7 64 bit

I installed them with default options.

I can confirm that this issue is not malware related, the WinMsgBalloonClient.exe is a component of the RAID monitoring console AMD RAIDXpert (a.k.a. Promise WebPAM).
The software is not linked to a particular set of mainboard drivers, and it can be used on any PC platform equipped with AMD Southbridge SB700/SB800 series chipset, regardless of PC make/model.
My system, too, is experiencing the same issue, even with suggested Defence+ authorization…
Any solution?

Have you tried at add this safe application in d+ rules and it the firewalls application rules?

Try the workarounds in App. is not working correctly, but does not seem to be s/boxed. What to do? [v5] and see if they fix it for you or not.

It seems that so far this matter is not solved. Indeed the file path is “C:\Windows\SysWOW64\WinMsgBalloonClient.exe”. Somehow CIS thinks it is “C:\Windows\System32\WinMsgBalloonClient.exe”, maybe because it is a 32 bit executable(?).

I have the same problem and get no solution to this day. Checking D+ log, I found the attached event and respective alert. Sorry, they are in Portuguese-BR…

I tried to follow https://forums.comodo.com/defense-sandbox-faq-cis/app-is-not-working-correctly-but-does-not-seem-to-be-sboxed-what-to-do-v5-t61684.0.html but hadn’t luck.

Can some one help?

[attachment deleted by admin]