scansoft

stuartm · January 13, 2010, 9:59pm

Hi This is part of my cannon printer installation. However every time I boot up D+ displays this c:\windows\system32\rundll32.exe create process,execute image etc along with mywinlocker.

Citizen_K · January 13, 2010, 11:50pm

Do you have set D+ to block all unknown requests when the application is closed?

Can you post a screenshot of the Defense + logs that shows this event? They can be found under Defense + → Common Tasks → View Defense + Alerts?

stuartm · January 14, 2010, 3:37pm

No to your question and heres a log. Thanks

[attachment deleted by admin]

Citizen_K · January 14, 2010, 9:47pm

Thanks for the logs.

I see the running of Scansoft related dll’s by rundll32.exe process get blocked. I think somewhere down the line you may have blocked request for those. To set this straight do the following.

Take a look at Defense + → Advanced -->Computer Security Policy → now select rundll32.exe → Access right → push the button behind Protected Registry Keys → look in the Blocked Registry Keys tab to see if there are any keys blocked. If so delete them or the one you think may be applicable.

stuartm · January 15, 2010, 3:06pm

No nothing blocked. However I have run the setup scanner wizard for scansoft seems ok for now. This is a new pc windows 7 by the way cis installed for 5 weeks. Thanks

Citizen_K · January 15, 2010, 6:16pm

When you get rundll32.exe alerts for Scansoft dll’s please allow them. Hope that fixes it.

stuartm · January 15, 2010, 7:07pm

I always did & since setup nothing being tagged. I think I know now why this originally happened my girlfriend thinks she denied it last week. I have now unticked cis to remember alerts.

Citizen_K · January 15, 2010, 8:59pm

That sounds like a realistic explanation.

stuartm · January 24, 2010, 7:49pm

Hi It still gets tagged but this time when pc comes out of sleep mode.

Citizen_K · January 24, 2010, 10:45pm

Does the D+ logs (Defense + → Common Tasks → View Defense + Events) show programs being blocked around the time Windows recovers from sleep mode?

stuartm · January 25, 2010, 5:14am

No it just says create process execute image

Citizen_K · January 25, 2010, 5:22pm

Can you me the D+ log so I can see the complete message it provides?

When the message is about rundll32.exe wanting to execute a dll add that dll to the executables allowed for rundll.32.exe.

To do so go to Defense + → Advanced → Computer Security Policy → select rundll.32.exe → Edit → Access Rights → push the modify button behind Run and executable → now add the reported dll in the Allowed Applications → when done Apply and Ok your way back to the main screen.

stuartm · January 26, 2010, 1:56pm

Hi heres the log Ps just found the two dlls on the blocked list.

[attachment deleted by admin]

Citizen_K · January 27, 2010, 2:14am

The D+ log shows quite a few Scansoft dll’s being blocked. Add all these dll’s to rundll32.exe’s Allowed applications list. You can use the procedure in my previous post for this.

stuartm · January 27, 2010, 10:58am

Will do thanks

stuartm · January 27, 2010, 12:15pm

This is a real pain now its intel showing what next? Never happened in xp but this windows 7

Citizen_K · January 27, 2010, 5:49pm

Can you be more specific what is being shown? Please post another screenshot.

stuartm · January 28, 2010, 3:33pm

Hi here it is

[attachment deleted by admin]

Citizen_K · January 28, 2010, 5:24pm

Please add all the mentioned dll files that rundll32.exe tries to execute to the Allowed Applications of rundll32.exe.

To do so go to Defense + → Advanced → COmputer Security Policy → look and select the rule for rundll32.exe → Edit → Access Rights → push the Modify button behind Run an executable → now add all the dll’s to the Allowed Applications list → then use OK and Apply to get back to the main screen.