Win 7 tasks and D+

Been using 7 for a couple months now.

When I leave the machine alone, away, a lot of D+ alerts show up.

rundll is messin with every exe, thus the alerts. I assume it’s a prefetch sort of thing, and since I like how 7 is working I don’t wish to mess with whatever task is doing this. And if the task assist’s the os then I’d like to let it just do it. As it is, while I’m away, the default deny tells it no.

Wondering if anyone else has dealt with this. Probably a simple setting change, though I’ve tried, haven’t found it yet.

Hi, take a look at my post here:

rundll32.dll active when system idle!!

Hi, thanks for the link. Interesting stuff, I’ll study it and see if I can find out what’s going on.

As another angle on this, I’m certain I could set D+ to allow rundll32 to run whatever/whenever it wants, It just seems to me that could be a bad idea.

Basically your thinking rundll32 is scaning the apps on win 7 then sending the info to Microsoft? Allthough i`ve never had a rundll32 firewall alert Huh

That’s my current thinking. What I’m looking at now is how that data was/is being transferred. I can’t see it being rundll32 doing the ‘grunt’ work, more likely something like svchost, which is a pain to track down.

That’s not true.
It never sends any informations to MS without your permission.

Check this out

[attachment deleted by admin]

That's not true. It never sends any informations to MS without your permission.

Thank you for your comment, but that was not the point of directing Sandwater to that post. Also the post is almost two and half months old and was never followed up. As I stated in the post, it was my current thinking, at that time.

The fact is On Windows 7 task scheduler runs a process everyday, which collects program telemetry and, for me at least, was generating a significant number of rundll32 events in the D+ log. Disabling this task removed the problem.

[attachment deleted by admin]

That’s not even with task scheduler.

The problems are mixed with Superfetch, Windows Search and Hibernation.
And CIS.
And mscorsvw.exe(.NETFramework assembly optimizer).

Those services gather and optimize lots of .dll files and other files everytime, even in idle conditions.

Aslo CIS’s ‘guard64.dll’ has a problem with Windows 7.
You can see the msg in your even viewer.
it says
‘Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure they are related to trusted applications.’

  • System

    • Provider

    [ Name] Microsoft-Windows-Wininit
    [ Guid] {206F6DEA-D3C5-4D10-BC72-989F03C8B84B}

    EventID 11

    Version 0

    Level 3

    Task 0

    Opcode 0

    Keywords 0x4000000000000000

    • TimeCreated

    [ SystemTime] 2009

    EventRecordID 6810


    • Execution

    [ ProcessID] 520
    [ ThreadID] 552

    Channel System

    Computer whoknows?

    • Security

    [ UserID] S-1-5-18

  • EventData

    StringCount 1
    String C:\Windows\system32\guard64.dll

I wanted to talk about this for a long time ago. But CIS doesn’t support Windows 7 officially as you know.
That’s why I’ve never talked about it.

That's not even with task scheduler

I’m sorry I don’t know what that means. Disabling the task in task scheduler fixed the problem for me. I’m not suggesting this is the only solution, just a possible.

I personally disable hibernation and windows search as I don’t find either of use. I also haven’t seen the issue with guard32.dll or guard64.dll. This is on Windows 7 7600.16385 Ultimate x86 and x64.

I do, however, agree that CIS is not yet officially supported and it’s possible some may have issues.

I use Windows 7 Ultimate RTM X64 with all of latest Hotfix files.(official and unofficial)

You said you haven’t seen the issue with guard32, 64.dll. But there are many poeple
having guard32,64.dll problem with Windows 7.
I think this is a bug.
Also many people have a problem with CAV.
When CAV scans guard64.dll, system hangs
Sure…It depands on system.
But there are too many people have same problems.

Ok, Your set up of permissions is quite different than mine, mine being default.

And I tried your setup. Left the machine alone for over an hour, not one alert, should have had several.

And, I think I was incorrect in saying rundll was executing exe’s. Maybe it was always dlls etc.

Thanks for the info. Well done! and I didn’t have to butcher 7 (I’m trying to stay away from that).

                            Edit,  a day later.   

Leave it to me, I spoke to soon, I still do get the rundll D+ alerts, though it appears to be fewer.
Just felt I needed to set the record straight.

I’m not worried about them at all. It’s only a month till 7 release so, I can click ‘ok’.

Appreciate your guy’s input though. This is interesting.

I have noted this message in the event viewer. My take is it’s a warning that this dll is being loaded in every library, which it is, on purpose, as you know.
It’s a cool security warning from ms. This is quite an event viewer.

Your saying something needs to be changed in CIS to make it recognized by 7. Not that CIS isn’t working.

And as you said, I do realize Comodo doesn’t officially support 7 yet. Works pretty good with it though. I’m sure the poor staff is working double time these day’s.

Yes, guard32, 64handle all of windows files. That’s why that msg is occurred.
It doesn’t gives us any problems. Because it just warning msg from Windows 7 for the security reasons as you know.
But we don’t need to see the msg everytime we boot up Windows 7.
When CIS support Windows 7 officially, CIS will be changed to make it recognized by Windows 7.