Defense Plus in “Clean PC mode” keeps blocking LWEmon.exe of Logitech even though I’ve marked it as trusted and given it full privileges. Rundll32.exe has the same problem. Both files are in the locations they’re supposed to be…so I don’t suspect any malware as this is a new installation.
“Defense + has blocked 475 suspicious attempts”… and counting (are these files really being blocked or just logged?)
Also, every time I restart it puts Avast in the folder for reviewing, I then move it to “my safe files”, and sure enough it’s back at every restart!
Any help would be greatly appreciated.
Running Windows 7 x64 Home Premium
Sorry if I posted this twice, I got kicked off and had to rewrite
Well, it still puts the same three files for review that I put in my own safe files. One of them is Avast4\DATA\clnr0.dll. Is this some kind of conflict with Avast? I’ve submitted it to Comodo, it then marks it as Trusted, and sure enough it’s back in for review at next startup. Why???
What does it actually DO to put files in “my own safe files” if it just keeps blocking them!??
I’ve tried all the hints in this forum for rundll32.exe and it still is showing up as, Action “block hook”, constantly!
Rundll32.exe seems to be a problem a lot are having…
My Pending Files will list any executable which is created anew, modified or moved.
In CleanPC mode the files in ‘My Pending Files’ are excluded from being considered as clean and are monitored and controlled.
It looks like Avast4\DATA\clnr0.dll is rewritten during every VPS update and this will cause it to be repeatedly added to the Pending Files list even after being removed.
Yes, all three files are extracted from 400.vps (the avast virus database) at the time of loading.
They basically change (=get overwritten) during every VPS update.
The block hook action type ought to be the result of an application policy Protection setting which got its Windows/WinEvent Hooks radio button set to Yes. Probably it is related to some change to the protection settings of rundll32.exe policy (btw is the target some DLL file or some other application?).
Not sure about LWEmon.exe but maybe a full D+ log (or a screenshot that includes the action type and both application and target names) could provide some more clues (Exporting Log Files to HTML)
All “Yes” like you just mentioned ought to trigger those Block hook events in Defense+ logs whereas setting also other Protection settings to Yes is likely to trigger additional related events in Defense+ Logs.
Please set the options of the corresponding Rundll32 policy dialogs to match these screenshots