This content has been marked as final. Show 10 replies
anyone can help?
I need some help,please
still no one?
Unfortunately, despite your repeated requests, you continue to give us no information about your computer.. Usually folks add more data with each post.. It's hard to suggest something when we really know nothing about the problem.
Are you using McAfee? If so, which version, and which program?
Which "log" are you talking about?
Which EXACT dll are you referring to?
And most importantly, IF this happens to be in "Access Protection" logs, have you simply tried UNCHECKING the "Block" box to allow the program to run correctly but only Log the issue?
Hope this helps and let us know more.
I thought I made myself clear,I am sorry.
So that's the details:
System:XP sp2 Mcafee VirusScan Enterprise 8.5i
NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\Program Files\Stardock\WindowBlinds\wblind.dll
It's a dll of the program "windows blinds"
I think it's a shell program(I mean it will change the shell look of your windows,especially explorer.exe)
and it seems it injects this dll into many processes(almost all,except for the backstage ones)
Yes,it is in "Access Protection"log,and I trust this program and dll,but I wonder will it be unsafe if I just unactive the "prevent svchost executing non-Windows executables"?I am now running the program with unblocking but logging this issue,and If I block it can still run but may occur errors sometimes.And I think I can't just shutdown the "prevent svchost executing non-Windows executables" or exclude so many processes.
Again,I am sorry for not giving enough info.I thought I posted it here and you would understand what I meant.Hope this works out.
I am familiar with Window Blinds.. In my opinion, it's a bit of "fluff" which allows users to change the appearance of their machine and isn't a "required" program.. None of our computers has it installed.
Yes, it should be safe to disable the option you mention.. In our large network, we don't have ANY of the items in "Antivirus MAXIMUM Protection" checked for "Access Protection".. In other words, the "Prevent svchost executing non-Windows executables" listing is NOT checked on any of our machines.
Hope this helps.
Got it,then I just leave it unchecked.
Thanks a lot.I think it's solved.
But,let's say,is it impossible to fill a dll into the "prevent svchost executing non-Windows executables" field?
I've not found a way to exclude a specific dll from that particular protection.... So...you are correct as far as I am aware. Still, that particular section is for ALL third party executables.. It's designed to be "harsh"... Renaming a "bad" dll with an approved "good" name might allow it to run unsupervised and do damage to the computer...
Hope this helps.
Thank you again for answering me!