V5 Conflict with AtBroker service [279]

The bug/issue

  1. What you did:
    Not sure exactly how this happend, just happend after a period of time after installing cis5

  2. What actually happened or you actually saw:
    On boot, after typing in my user password, vista takes a painfully long time to logon, followed by a black screen for 30 seconds or so before loading the desktop

  3. What you expected to happen or see:
    Usual practice is to log on within 2 seconds after typing pasword as i have a performance level system

  4. How you tried to fix it & what happened:
    Created d+ rule for C:\windows\system32\AtBroker.exe and specified windows system file and this resolved the issue

  5. Details (exact version) of any software involved with download link:
    windows vista x64 sp2 with uac enabled?

  6. Any other information you think may help us:
    I dont know exactly why this happens, I had cis v5 installed for 3 weeks and everything was fine, then this started happening. PS, This also happend with v5 beta before i did a reformat & reinstall of windows. No information regarding the issue in the event log

Files appended

  1. Screenshots illustrating the bug: n/a
  2. Screenshots of related event logs or the active processes list: n/a
  3. A CIS config report or file: n/a
  4. Crash or freeze dump file: n/a

Your set-up

  1. CIS version, AV database version & configuration used:
    Cis 5.0.162636.1135 Release fully up to date, default settings
  2. Whether you imported a configuration, if so from what version:
    Using cisv5 default settings, ‘Block all unknown requests if the application is closed’ is disabled
  3. Defense+ and Sandbox OR Firewall security level:
    Default levels
  4. OS version, service pack, no of bits, UAC setting, & account type:
    Vista x64 SP2 with uac enabled running on an admin account (Tried and tested disabling uac completely)
  5. Other security and utility software running:
  6. Virtual machine used (Please do NOT use Virtual box):

Thought id investigate this further, as this has been plaguing me since the beta, recommend atbroker.exe be added in D+ rules under windows system applications for the next release (AtBroker.exe is a signed recognised microsoft executable btw)


Added all the requested info to the relevant areas

Thanks for making this in standard format.

Just a few questions

Did defining atbroker.exe resolve the problem?

Also are you running under an admin account?

What is your exact CIS version? It will be in More ~ about.

Please edit your original post to add this info in, then I will transfer to verified reports.

Many thanks


Do the Windows logs give us information here? Usually a 30s wait will get logged. Is this how you know it is atbroker.exe causing it?

Do you have Block all unknown requests if the application is closed? If so does the problem go away when you disable it?


Edited my origional poast, all the extra info is in bold

Thanks very much, moving now


Also running Xfire, and 2x Razerhid.exe (one deathadder, the other lycosa keyboard) in my msconfig>startup

If it also helps, ive got punkbuster and windows live id service running alongside the default windows services.