1 Reply Latest reply on Nov 4, 2015 1:41 PM by florfilla19

    Device\HarddiskVolume2\Solidcore\_tdll.dll which has been DENIED EXECED

    sagarmc004

      Could you guys please explain what is the issue in below logs.

       

      SYSTEM: cctl_kern.c : 2031: Process '\Device\HarddiskVolume2\Windows\SysWOW64\cmd.exe' tried to launch '\Device\HarddiskVolume2\Solidcore\_tdll.dll' which has been DENIED EXECED. Exec perms = 0, deny_reason = 0x2

      Line 2724: K.12404.14704: Mar 16 2015:08:04:07.976: SYSTEM: cctl_kern.c : 2031: Process '\Device\HarddiskVolume2\Windows\SysWOW64\cmd.exe' tried to launch '\Device\HarddiskVolume2\Solidcore\_ernel32.dll' which has been DENIED EXECED. Exec perms = 0, deny_reason = 0x2

      Line 2735: K.15812.1428: Mar 16 2015:08:04:09.592:  SYSTEM: cctl_kern.c : 2031: Process '\Device\HarddiskVolume2\Program Files (x86)\ICW\Bin\grep.exe' tried to launch '\Device\HarddiskVolume2\Solidcore\_tdll.dll' which has been DENIED EXECED. Exec perms = 0, deny_reason = 0x2

      Line 2736: K.6660.13980: Mar 16 2015:08:04:09.597:   SYSTEM: cctl_kern.c : 2031: Process '\Device\HarddiskVolume3\Cygwin\bin\cut.exe' tried to launch '\Device\HarddiskVolume2\Solidcore\_tdll.dll' which has been DENIED EXECED. Exec perms = 0, deny_reason = 0x2

      Process '\Device\HarddiskVolume3\Cygwin\bin\perl.exe' tried to launch '\Device\HarddiskVolume2\Solidcore\_tdll.dll' which has been DENIED EXECED. Exec perms = 0, deny_reason = 0x2


      I don't understand why the process is trying to launch a dll file inside SolidCore folder. What are these _ernel32.dll and _tdll.dll files ?


      How should I mitigate this issue ? Will applications cmd.exe, perl.exe and grep.exe fails because of this denied execution event ?( I do not see any other denied execution log for these applications apart from the ones mentioned above)


      The issue is also also denying execution to lot of other windows executables(conhost.exe, dllhost.exe , mobsync.exe etc.)


      Line 2652: K.16752.8704: Mar 16 2015:08:00:00.652:   SYSTEM: cctl_kern.c : 2031: Process '\Device\HarddiskVolume2\Windows\System32\conhost.exe' tried to launch '\Device\HarddiskVolume2\Solidcore\_tdll.dll' which has been DENIED EXECED. Exec perms = 0, deny_reason = 0x2

        Line 2688: K.8980.1604: Mar 16 2015:08:02:00.864:   SYSTEM: cctl_kern.c : 2031: Process '\Device\HarddiskVolume2\Windows\SysWOW64\dllhost.exe' tried to launch '\Device\HarddiskVolume2\Solidcore\_tdll.dll' which has been DENIED EXECED. Exec perms = 0, deny_reason = 0x2

        Line 2691: K.9920.10224: Mar 16 2015:08:02:06.196:   SYSTEM: cctl_kern.c : 2031: Process '\Device\HarddiskVolume2\Windows\SysWOW64\dllhost.exe' tried to launch '\Device\HarddiskVolume2\Solidcore\_tdll.dll' which has been DENIED EXECED. Exec perms = 0, deny_reason = 0x2

        Line 2701: K.4768.12328: Mar 16 2015:08:03:27.493:   SYSTEM: cctl_kern.c : 2031: Process '\Device\HarddiskVolume2\Windows\System32\mobsync.exe' tried to launch '\Device\HarddiskVolume2\Solidcore\_tdll.dll' which has been DENIED EXECED. Exec perms = 0, deny_reason = 0x2

       

      Could someone help me on this issue ?