slopes

rundll32.exe


Just installed EIS and all went well.

Have a question.

In protection...c:\Windows\system32\rundll32.exe is listed as "custom" for behavior blocker and firewall in, "all allowed" for firewall out.

 

There are no allow/block boxes checked in behavior blocker and no action/rules for firewall incoming.

 

With no boxes checked I will get an alert for behavior detected and have to decide to let it run, correct?

If checked "block" will there be an alert that the behavior was blocked?

Why is incoming firewall set as custom with no rules or action?

Thanks

 

Edit...now rundll32 has disappeared from c: drive?


With no boxes checked I will get an alert for behavior detected and have to decide to let it run, correct?

Yes, that is correct.

If checked "block" will there be an alert that the behavior was blocked?

There should be a notification in the lower-right corner of the screen when something is automatically blocked.

Why is incoming firewall set as custom with no rules or action?

Because incoming traffic is not automatically allowed for a program that isn't fully trusted, unless that traffic is coming in on a port that the program has already been using for outbound traffic. If you want specific ports or connections from specific addresses allowed for a specific process then you have the ability to create rules, or you can just set it to allow everything for that process.

Edit...now rundll32 has disappeared from c: drive?

Is it possible it was fully trusted due to being digitally signed by Microsoft? If so, then you would have to uncheck the box to hide trusted applications in order to see it.


Thank you gt for your reply

 

The edit was about rdll disappearing from windows/system32.

It is still listed in "protection" as custom but is no longer in c: drive.

I even did a search as well with show hidden files checked and no results.

 

I understand windows7 would rarely need rundll32?

but this kind of thing makes me a little paranoid

 

 

Thanks again gt


Rundll32 is supposed to be in C:\Windows\System32


If it's not there, then I recommend running the System File Checker. Just do the following:

  • Click on the Start button.
  • Go to All Programs.
  • Go to Accessories.
  • Right-click on Command Prompt, and select Run as administrator.
  • Type SFC /SCANNOW into the Command Prompt, and then press Enter on your keyboard.
The System File Checker will automatically fix any issues it finds, and your computer may need to be restarted when it is done.


I ran sfc /scannow when rundll32 disappeared and it found no problems, I will run it again.

(second sfc "no integrity violations" as well)

I know it was in system32 because I checked it when it showed up as "custom"

 

Is this something I should continue to look into?

 

If I do a system restore to try and fix this to before I installed eis and reinstall it will the trial licence work again?

 

What is the hotfix # I am supposed to install? Not having any problems with crashes at all.

Thanks gt, I appreciate your help


If your system is operating without issues, then it's probably not a big deal.

Using the System Restore can remove the drivers and service that Emsisoft Internet Security uses, and you would be forced to reinstall it. Aside from that, it would not affect the free trial.

This is the hotfix that is needed on Windows 7:

https://support.microsoft.com/en-us/kb/2958399


I know there have been a lot of questions about this hotfix, but can you clarify this please GT.

 

Microsoft says the hotfix is for windows 7 sp1 when used with...

Windows 7 Enterprise, Professional or Ultimate.

I am using home premium and have no issues.

 

Thanks


Microsoft seems to assume that the hotfix is only needed in corporate/business environments. Unfortunately the issue can be triggered by firewalls, and thus the hotfix can be needed on home editions of Windows 7 as well.


Had to do a clean os install

Ran the hot fix 2958339 and it extracted to c:\

Didn't seem to do much? Where can I check to see if it installed properly?

 

Thanks

 

Edit...I had a warning "c:\Program\MicrosoftSecurity\Client\MsMpEng.exe" has been changed

(updated rule)

The digital certificate showed microsoft company email

I am assuming this is the hot fix?

This warning appeared in the middle of installing a couple years worth of windows updates, but before restart so I am not sure?


If you didn't run the hotfix download as administrator, then extracting it to C:\ failed (and unfortunately it shows no error message when that happens). I recommend changing the folder it extracts to, that way it doesn't need administrator rights to save the actual hotfix installer. To make it easy to find, extracting it to some place such as your desktop might be a good idea, that way you can easily install the hotfix once it is extracted.

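The checks discussed in this thread (is rundll32.exe where it should be, what did SFC record, and is the hotfix installed) can be scripted. The following is an added example, not part of any post above; it assumes Windows 7 with PowerShell 2.0 run from an elevated prompt, and takes the KB number from the Microsoft support link posted earlier.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# $HotfixId is taken from the support.microsoft.com link posted in the thread.
$HotfixId = 'KB2958399'

# A 32-bit process on 64-bit Windows is redirected from System32 to SysWOW64.
# PROCESSOR_ARCHITEW6432 is only set in that case, and "Sysnative" is the alias
# that reaches the real 64-bit System32 directory from a 32-bit process.
$sysDir = Join-Path $env:windir 'System32'
if ($env:PROCESSOR_ARCHITEW6432) { $sysDir = Join-Path $env:windir 'Sysnative' }

$candidates = @((Join-Path $sysDir 'rundll32.exe'))
$wow64Dir = Join-Path $env:windir 'SysWOW64'
if (Test-Path -LiteralPath $wow64Dir) {
    # Only present on 64-bit Windows: the 32-bit copy of rundll32.exe
    $candidates += (Join-Path $wow64Dir 'rundll32.exe')
}

foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path) {
        $vi = (Get-Item -LiteralPath $path).VersionInfo
        "{0}: present, version {1}, company '{2}'" -f $path, $vi.FileVersion, $vi.CompanyName
    } else {
        "{0}: MISSING" -f $path
    }
}

# Installed updates and hotfixes are listed by Get-HotFix.
$hf = Get-HotFix -Id $HotfixId -ErrorAction SilentlyContinue
if ($hf) {
    "{0} is installed (InstalledOn: {1})" -f $hf.HotFixID, $hf.InstalledOn
} else {
    "{0} is not listed as installed" -f $HotfixId
}

# SFC writes its per-file results to CBS.log, tagged with [SR].
$cbs = Join-Path $env:windir 'Logs\CBS\CBS.log'
if (Test-Path -LiteralPath $cbs) {
    $sr = @(Select-String -Path $cbs -Pattern '[SR]' -SimpleMatch)
    $failed = @($sr | Where-Object { $_.Line -match 'Cannot repair' })
    "SFC entries in CBS.log: {0}, unrepaired files: {1}" -f $sr.Count, $failed.Count
    $failed | ForEach-Object { $_.Line }
} else {
    "No CBS.log found at $cbs"
}
```

A "MISSING" result for the System32 copy together with a clean SFC log would be worth reporting back to support, since SFC is expected to restore that file.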

I'm glad to hear that it installed OK. Please be sure to let me know if you have any further trouble.
