andrey

SysNative or System32?

Recommended Posts

Hello!

EAM (behaviour blocker) responds to the file CMMON32.exe (finds DIALER).
 
The problem is that I had this file is located in Windows\System32\*
However, EAM defines this path another Windows\Sysnative\* ^_^
Therefore, created me a resolution rule for CMMON32.exe - not saved!
 
The rule is created, but after restarting the computer - disappears. It is clear-as I have in the system-there is no such way! (the last screen)
How to be in this situation? :huh:
The disadvantage is that you have each time to re-create the rule permissions for this file!

post-15967-0-45625400-1417878987_thumb.jpg
Download Image

post-15967-0-67185500-1417878993_thumb.jpg
Download Image

post-15967-0-22220000-1417879000_thumb.jpg
Download Image

Share this post


Link to post
Share on other sites

Sysnative is a virtual directory not a real one and it only visible from 32 bit applications. Explorer is 64 bit so you won't see it listed there. From File System Redirector: 32 bit applications can access the native system directory by substituting %windir%\Sysnative for %windir%\System32.

Share this post


Link to post
Share on other sites

Thank you! But...

you suggest me to rename this name in the Windows system directory?

I would not like to do! <_<
And.. why EAM responds to the virtual directory, but not on the real path?!

Share this post


Link to post
Share on other sites

Thank you, I understood You! :)

So I want to learn from the experts Emsisoft - how to be in this situation!

Yeah, i recommend you to wait for their respond. But in the meantime why don't you run a full scan with EAM to make sure your PC is clean?

Share this post


Link to post
Share on other sites

 

Of course, I've already done it! :)

In addition, 't find anything suspicious MBAM & Hitman Pro

 

Good to hear that! MBAM & Hitman Pro are my favorite anti malware tool plus AdwCleaner as well  :D

Share this post


Link to post
Share on other sites

Yes, I will wait for a response-because EAM periodically gives me trouble, determining SysNative instead of the System32 :unsure:

Share this post


Link to post
Share on other sites

Hello,

 

 

Sysnative is a virtual folder, a special alias, that can be used to access the 64-bit System32 folder from a 32-bit application or script.

 

So please create a whitelist entry in EAM on Protection/File Guard/Manage whitelist for the process C:\Windows\System32\CMMON32.exe to solve the rule issue.

  • Upvote 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.