I’ve just installed the latest driver for my Creative soundcard under Windows 7 RC1 and I had to clear the Defense+ warning for services.exe 85 times before the installation finished. It used to be possible to give an installer the right to use services.exe while it was doing the install, but now it isn’t and it’s VERY annoying >:(

Why has this policy been changed? How can I fix it so that I don’t have to do almost 100 acknowledgements every time I try and install a driver?



The easiest way is, to go to computer security policies, then open services.exe click on access rights, and then modify protected registry entry with an wildcard like “*”.
After that, services.exe should create/modify every Registry entry you want.

I hope it’s just the problem with the registry(that was default at mine)

[modbreak by EricJH]Please do not follow this advice. As moderators we urgently advice against the blank allow for services.exe. This file can be called by any program, that includes malware programs, to install a service. As a consequence you are not able to catch part of real life malware installs anymore. Your security will be seriously compromised.

[at]michaelfairburn. I am afraid clicking a lot is the price for lots of control. I would advice to use the Installer/Updater mode for known programs from a trusted source; but that’s a matter of “taste”. But I stroggly oppose against the blank allow for services.exe solution. When you want control I am afraid you will have to suffer… sorry to be the bringer of bad news… [/modbreak]



Thanks dude, that’s great. I appreciate your help. :P0l :-TU

I have the same problem with the file services.exe
can you please give me a detailed explanation how to solve this problem, because I don’t know where is the computer security policies, and where to put the wildcard in the registry

Thanks in advance

You have to open CIS. then click Defense+.

after that on the left side click advanced. then in the mittle you have computer security policies: click on it.

now you have to watch out for services.exe. if you don’t find it. Push ctrl + F and then you can type in C:\Windows\System32\Services.exe. Now you have found it.
After that double click, a new window will open.
Now you have to click on access rights, new window opens.
in this window is somewhere “protected registry keys”. on the left side from it the option ask should be elected already. left from that is an button “modify” i think( im using german language pack).
in that new window you have 2 tabs.

in the allowed tab should be already an registry key “HKLM\SYSTEM\CONTROL\Services*”
in this section you click add button and choose registry entry. in this new window you have just to type in the upper field “*” and then push return. a window appears: click yes. now just save this settings and you are fine.

I would not recommend the blank allow for services.exe. This file can be called by any program, that includesmalware, to install a service. As a consequence you are not able to catch part of malware installs anymore. Your security is seriously compromised.

yes Eric, you are right. That’s a common wildcard problem of Defense+. That is working like the Training Mode, which is also unsafe and a hugh problem to deal with. Training Mode/Clean PC Mode also creats wildcards, where you nearly has no option to change them effectly except of removing the wildcards and you paranoid mode, to configure an apps correctly.

Maybe someday someone from CIS listen to me, and change it. I’m waiting for that like for the game mode, for a spacial app and not an “trusted app” setting, where i also can’t trace what an app do.