Hi This is part of my cannon printer installation. However every time I boot up D+ displays this c:\windows\system32\rundll32.exe create process,execute image etc along with mywinlocker.

Do you have set D+ to block all unknown requests when the application is closed?

Can you post a screenshot of the Defense + logs that shows this event? They can be found under Defense + → Common Tasks → View Defense + Alerts?

No to your question and heres a log. Thanks

[attachment deleted by admin]

Thanks for the logs.

I see the running of Scansoft related dll’s by rundll32.exe process get blocked. I think somewhere down the line you may have blocked request for those. To set this straight do the following.

Take a look at Defense + → Advanced -->Computer Security Policy → now select rundll32.exe → Access right → push the button behind Protected Registry Keys → look in the Blocked Registry Keys tab to see if there are any keys blocked. If so delete them or the one you think may be applicable.

No nothing blocked. However I have run the setup scanner wizard for scansoft seems ok for now. This is a new pc windows 7 by the way cis installed for 5 weeks. Thanks

When you get rundll32.exe alerts for Scansoft dll’s please allow them. Hope that fixes it.

I always did & since setup nothing being tagged. I think I know now why this originally happened my girlfriend thinks she denied it last week. I have now unticked cis to remember alerts.

That sounds like a realistic explanation.

Hi It still gets tagged but this time when pc comes out of sleep mode.

Does the D+ logs (Defense + → Common Tasks → View Defense + Events) show programs being blocked around the time Windows recovers from sleep mode?

No it just says create process execute image

Can you me the D+ log so I can see the complete message it provides?

When the message is about rundll32.exe wanting to execute a dll add that dll to the executables allowed for rundll.32.exe.

To do so go to Defense + → Advanced → Computer Security Policy → select rundll.32.exe → Edit → Access Rights → push the modify button behind Run and executable → now add the reported dll in the Allowed Applications → when done Apply and Ok your way back to the main screen.

Hi heres the log Ps just found the two dlls on the blocked list.

[attachment deleted by admin]

The D+ log shows quite a few Scansoft dll’s being blocked. Add all these dll’s to rundll32.exe’s Allowed applications list. You can use the procedure in my previous post for this.

Will do thanks

This is a real pain now its intel showing what next? Never happened in xp but this windows 7

Can you be more specific what is being shown? Please post another screenshot.

Hi here it is

[attachment deleted by admin]

Please add all the mentioned dll files that rundll32.exe tries to execute to the Allowed Applications of rundll32.exe.

To do so go to Defense + → Advanced → COmputer Security Policy → look and select the rule for rundll32.exe → Edit → Access Rights → push the Modify button behind Run an executable → now add all the dll’s to the Allowed Applications list → then use OK and Apply to get back to the main screen.