rundll32.exe alerts solution

The Comodo rundll32.exe alerts were driving me nuts…
Running malware/spyware scanners etc. will not resolve this problem as the cause is with Microsoft Windows 7 collecting customer data:
I found this resolution on an Everybody Geek Blog:

"Why do you get these warnings?
Whenever your computer is idle, Windows 7 collects program telemetry information that is used for the Microsoft Customer Experience Improvement Program, if opted-in.
This information is collected, even if you selected not to participate in the Microsoft Customer Experience Improvement Program. The information is simply not used.

How do I fix this?
Stopping these warnings about rundll32.exe to pop up is very easy. All you have to do is disable the scheduled task that is responsible for collecting program telemetry information.

Open the Task Scheduler
• Click the Start button and enter ‘Task Scheduler’ in the search box
• Click ‘Task Scheduler’
• Open Start => Control Panel
• Select ‘System and Security’
• Under Administrative Tools, select ‘Schedule Tasks’
Disable the scheduled task
• In the Task Scheduler, navigate to: Task Scheduler Library => Microsoft => Windows => Application Experience
• You should see two scheduled tasks: AitAgent and ProgramDataUpdater
• Right click ‘ProgramDataUpdater’ and select ‘disable’
• Reboot your computer
That’s all. No more Defense+ warnings about rundll32.exe trying to execute different dll files.
Posted by Everybody Geek"

My pc is now free of these rundll32.exe alerts
Many thanks to Everybody Geek

Hi bukarr ,

You just double-posted ???
because I did reply to the same message of yours in another thread

Hi SiberLynx,
With 26 posts reporting problems and only 1 brief solution from Matty R, thought it best to go up a level to make searching for a solution easier…

I’m not “against a solutions”…
Basically, my reply here in this thread was pointing double-posting, which is not an acceptable practice.

My other reply was about the “issue” itself. It does not occur for some configurations
Just 26 reports is not a “statistically reliable data”… the same way and therefore - the “solution”…
… despite I am not denying that the problem exists

My regards

The rundll32.exe alerts are driving me crazy too.
The absolute worst though is a repeating alert of “access memory” that occurs every few seconds. Its from my mouse driver. Its from Logitech Setpoint, my mouse driver. Setpoint spawns a child process, KHALMPR.EXE and then the two processes constantly share information via memory locations, so I assume thats what is triggering the error. There is no explanation of what “access memory” means, is it interprocess memory, or is it physical memory…not enough data in the alert to be helpful.
The rundll32.exe process does shared memory communication also with programs that use it.
I’m hoping there is some easy way to turn off all the alerts for these kinds of programs which are basically using a DOS method of interprocess communication.

Hi norain ,

That’s is very important to provide more detailed information about your System Environment.

You can use the signature for that as a matter of fact, so the “annoying” question will not be asked every time you post any request(s).

As pointed the “issue is not an issue” for some systems.

So, what OS; Service Pack; platform; what is the version of CIS you are using; is a complete Suite installed; or just… AV and/or just Firewall; … etc.?


This was done to death rundll32.dll active when system idle!! ages ago.

[sub]Edit by EricJH: removed the relayed url provided for a direct link[/url]

Yes, I’m running Windows XP SP3. Intel 686.
rundll32.exe does do direct memory transfers, so does SetPoint, so I’m sure CIS is correct in flagging it. I just want to be able to have it not alert for memory access on those two applications.

So how do you tell CIS to ignore interprocess memory access for a particular process?
Nothing seems to work so far.

Wouldn’t a custom %windir\system32\rundll32.exe in defense+ allow you to set what application, file or service is allowed or blocked for one of the subprocess?