guard dll registry entries

I noticed that there seems to be a error in the guard32.dll and guard64.dll registry entries.

Version 5.3.43550.1216
Windows 7 64bit

And there are also previously unseen firewall alerts

Hello thommh,

Can you also make a screenshot of the Defense+ Events?
Its possible that CIS is blocking AutoRuns from accessing certain areas on your machine.

Can you explain a bit more about your second issue?



Defense+ is disabled as I am not using it atm.

Ok; Is Image Execution Control Disabled as well? and as well as the sandbox?


Execution Control is enabled, Sandbox disabled.

Hello; I’m back with more info

This may help; these guardxx.dll are apart of CIS;

For your firewall event, Can you go to CIS > Firewall > Firewall Events > Post Screen shot of this window and upload here,

Hope this helps


Hi guy’s,

Issue 1 is probably caused by something else as there is a “space” between the Chinese (?) char and the guard32/64.dll’s those entries where already present during install of CIS.

One can have multiple entries on AppInit_DLLs seperated by “space”.
If you don’t trust it try to uninstall CIS and see if Chinese char is still there, if so you need to edit your registry to remove them manually, search for AppInit_Dlls and you should be able to find them.

Issue 2 is due to IPv6 support in this version, the alert is for “localhost” ::1, similar to IPv4
As this is a firewall alert it can’t be related to guard32/64.dll cause that’s used for D+

Thank you for your help.
I ended up editing out the space and chinese character in the registry, dunno where it came from.
Are there any good sources for me to cross-reference ipv6 addresses?

No sure if this is what your looking for be we started a v6 discussion here