rundll 32.exe

I am still getting this rundll 32 popup with the latest version.
It really is becomming a bloody nuisance

Hi Rambo,

Can you expand a bit more on what the problem is and what settings you use for D+ ?

go to here
https://forums.comodo.com/defense_help/win_7_tasks_and_d-t44866.0.html

read my reply please

This fixed it for me.

Anyway, one more thing (yeah I know you said “everything has been tried” but still… Smiley): you could try changing RunDLL32’s policies/permissions in CIS to Windows System Application.

Go to the Defense+ tab > Advanced > Computer Security Policy > Find and double-click the RunDLL32 entry > Change the predefined policy to Windows System Application > Apply.

If this doesn’t help, or if RunDLL32 was already a Windows System Application…then I’m afraid I can’t help you any.

Beware that setting rundll32.exe to “Windows system application” gives it full control of your system.
Malware “abusing” rundll32.exe could be able to infect your system with this setting…

Perhaps you and LaiserWraith should get together and advise accordingly.
Thanks

Ok, same probleme here but thanks (again) to Quill’s post I get rid of those D+ rundll32 entries. Unfortunately before stopping that task I’ve put rundll32 as a “Windows system application” and now I forgot how it was default so maybe somebody is so kind to tell me what’s are default settings for rundll32. :-[

Hi burebista

Just set it back to custom policy, you’ll likely get a few pop-ups initially, but things will settle down quickly enough.

Sorry did he post something else, i can’t seem to find the link here…

Here it is.

LaserWraith
Usability Study Member
Comodo’s Hero


Online Online

Posts: 2829

I love Minecraft!!!

jeremysbost@hotmail.com
View Profile WWW Personal Message (Online)

Re: How To Achieve Max Security With ZERO Alerts! - Disccusion
« Reply #73 on: September 15, 2009, 12:37:23 PM »
Reply with quote
Hmm…I guess it could be a W7 bug. I just didn’t think other W7 users had that CIS bug. Well, W7 is not fully supported so…

Anyway, one more thing (yeah I know you said “everything has been tried” but still… Smiley): you could try changing RunDLL32’s policies/permissions in CIS to Windows System Application.

Go to the Defense+ tab > Advanced > Computer Security Policy > Find and double-click the RunDLL32 entry > Change the predefined policy to Windows System Application > Apply.

If this doesn’t help, or if RunDLL32 was already a Windows System Application…then I’m afraid I can’t help you any.

Not sure whether what i have is part of default Proactive policy or was modified during training process of CIS in Safe mode.
Anyway, rundll32 policy i have currently:

  1. everything is set to allow except “run executable”, “protected files\folders” and “protected registry keys” - these are set to ask;
  2. “run executable” has allow exception: %windir%* ;
  3. “protected files\folders” and “protected registry keys” have no allow exceptions.

Default for Internet Security 3.12.x.560

[nobbc]
Application: C:\WINDOWS\system32\rundll32.exe Treat as: [Custom Policy]

Access Right 0: { Run an Executable } Default Action: Ask
[0] Allowed: C:\WINDOWS*
[/nobbc]

All others are also Ask with default no entries.

Thanks again Quill, I guess that from now I can call you my personal advisor.
http://i31.tinypic.com/67v0vr.jpg

Thanks Ronny too, I put %windir%* Allowed for Run an Executable.
I guess that I’m on default now.

I thought that might be the case…you certainly know a lot more than me but I was thinking that having this “vulnerability” would be better than a “ruined” computer experience (but I forget what was the problem now :)).

Just trying to solve the simple problems so the “big boys” don’t have to spend as much time. :smiley:

Strange why the default for Internet security seems stronger than that for Pro-Active… ???

I don’t see a diff in those two, both are the same on a default clean install, where is yours different then ?

Can somebody tell me in simple english which setting should i be using.
With LaserWraith there are no Rundll 32 popups but Ronny thinks this is not a good idea.
All i want to do is to stop this bloody Rundll popup permanently.
Thanks and Regards

For me Quill’s advice with stopping that task was enough.

When i switch to pro-active the default rules for rundll.32.exe(in safe mode) i have ask for “run an executable”/ask for “Protected Registry Keys”/ask for “Protected Files/Folders” and Allow for all others(Picture)

When i switch to “Internet Security” all are set to Ask.

Clean install last week.

Matt

Forgot the pic, had a few :■■■■ last night

[attachment deleted by admin]

I’ll have to check to see if the config reporting tool is faking me then… i have exports of both configs on file and they look a like…