Jump to content

8388 - Behaviour Blocker


JeremyNicoll
 Share

Recommended Posts

W8.1 64bit.  I'm perplexed by some items on the BB display, which here looks like: https://www.dropbox.com/s/cgo1vcidnjlzl22/20180126 BB list.bmp?dl=0

The top three items have no meaningful name or description.  When I double click, in turn on them, the 'detail' displays tell me nothing more

First one: https://www.dropbox.com/s/c4euqqpdv6bwlxr/20180126 Process 1 detail.bmp?dl=0
Second one:  https://www.dropbox.com/s/11lk28h3999hkf5/20180126 Process 2 detail.bmp?dl=0
Third one:  https://www.dropbox.com/s/14vjz9gdgjukex5/20180126 Process 3 detail.bmp?dl=0

The first one, from C:\Dropbox\Programs--ALL     is probably one of three versions of FileZilla that I have installed at the moment.  I ran two or maybe even all three of them yesterday while trying to solve an FTP problem.  The third one, from C:\Program Files (x86)\   is probably Firefox (originally a 32bit app when it auto-updated to 64bit it retained its 32-bit install location).  I've no idea what the second one might be.

 

Also a little lower on the BB display you can see eg "bash.exe" (from my "Msys2" environment) described as "Stopped".  Does "Stopped" mean something other than "not currently running"?

Link to comment
Share on other sites

Hi Jeremy,

These 3 items make no sense at all indeed  as they are folders and no processes A  double click on an item opens the apprule or creates on when it doesn't exist.
You can use the context menu on a line, which will show you various options like: Edit rule (same as double click), Lookop online, file location, file properties

Could you send me your a2rules.ini from the EAM program folder please.

Could you rollback to stable and check the protection / application rules list for these 3 items , if they exist at all.

when a process has ID : Stopped, means that an application rule exists and the program is not running.
 

Link to comment
Share on other sites

I've copied a2rules.ini (which file explorer said was last changed at 14:00) and the backup copy of the file (last changed at 11:37).  I did look in them (no, actually in
plain ASCII text copies of them) for the hex strings shown in the weird entries' descriptions, without finding anything.   Transcribing those hex strings wasn't fun -
pity here's no way to c&p them off the apprules display or a context menu 'copy to clipboard' option...

After reverting to stable I looked at its apprules display - no weird entries - I took a couple of screenshots.  I also tried filtering both the apprules display and forensic
log displays with the first 8 characters of each hex string - so eg "5DB9F310" - and nothing showed up in rule or log.

I'll PM you with links to the two .ini files and the screenshots.

Link to comment
Share on other sites

Last night I saw your revised announcement about the latest Beta and wondered if it meant you'd released a tweaked one, so this afternoon I just changed back to Beta feed, and clicked on Update in the systray menu.     Something went awry with the update process though.   After the downloads completed (I run NetMeter in a corner of the screen) I expected to see an 'application restart required' message as usual but it didn't get displayed.  I looked in the GUI at the Logs screen, whose topmost line said:

    User <myuser>     Update     Downloaded & installed 96 files (41285kb) (23 sec.)  Application restart notification.

SO: clearly enough files for a new version, but - though it says there was one - no app restart message.  When I closed the GUI, the screen blinked and then simultaneously an app restart notification was displayed (but it didn't wait for me to answer it) AND the new GUI opened.

It's possible I had a GUI panel open at the point where I requested the update, ie after changing to Beta feed I maybe didn't shut that display.  I wasn't paying enough attention, just doing what I thought was a routine thing.  Only afterwards when the process stalled did I wonder if something was waiting for the open GUI to be closed. 

The log does now show 'protection stopped' and 'protection started' messages at the top, with a 4m33s gap between the 'Downloaded and installed' message and the 'Protection stopped' one.  

I'm presuming this WASN'T a tweaked Beta, because my BB screen again shows the three non-processes at the top of the screen.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...