Active Protection, Monitored Process window problems.

Thread solved
View Solution
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Regular Poster
Beiträge: 38
Kommentare: 277

Something HAS changed... again, this morning, no rundll32 notice in Activity list. Still get the same in the Log file.

Notice I am on build 20770, released Aug. 29th, and I originally installed on Aug. 21st. I don't know when the update happened? I assume it was installed on Aug. 30th by these logs I discovered:

===================

C:\ProgramData\Acronis\TrueImageHome\Logs>dir installer*
 Volume in drive C is OS
 Volume Serial Number is EEE1-088E

 Directory of C:\ProgramData\Acronis\TrueImageHome\Logs

08/30/2019  10:19 AM         5,056,364 installer-3D43B17B-28DF-4984-9560-D4FFA28710C.log
08/30/2019  10:19 AM            44,036 installer-E01D4E90-DFD3-47D0-B3A7-F1FEBBC0CED.log
08/21/2019  02:38 PM            44,054 installer-E2B49F20-C6E5-4E60-A95C-2884A0E521C.log
08/21/2019  02:38 PM         4,510,628 installer-FBBF3351-7D83-4A11-AC13-21ECAB11AED.log
08/30/2019  10:40 AM               570 installerui-B6BBD48E-1CCD-4188-A873-07F5F0D5B99.log
08/21/2019  02:39 PM               570 installerui-F09B8E09-C7CE-4760-87CA-C557CAB9FF1.log
               6 File(s)      9,656,222 bytes
               0 Dir(s)  32,576,958,464 bytes free

C:\ProgramData\Acronis\TrueImageHome\Logs>

============================

 

Sa, 09/07/2019 - 12:27
  • Anmelden, um Kommentare verfassen zu können
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Legend
Beiträge: 111
Kommentare: 29781
mvp

Irv, ATI 2020 #20770 is the current version in use.

If AAP is not reporting any issues / activity for rundll32.exe then I do not understand why you are trawling through the logs looking for entries related to it?

The logs contain a whole lot of informational entries that only show that AAP is working normally so you are just chasing shadows for a non-existent issue.

Sa, 09/07/2019 - 12:52
  • Anmelden, um Kommentare verfassen zu können
Abigo autem causa dolore scisco. Conventio defui dolor elit feugiat lucidus natu populus praemitto. Abbas ad facilisi. Defui ea gemino suscipere. Consectetuer eros interdico minim. Esse incassum plaga. Caecus decet dolore ille iriure neque. Gilvus letalis mauris paratus quis tego. Brevitas capto erat gemino loquor ratis tincidunt vulpes. Appellatio haero humo iustum luctus natu similis. Conventio decet eros humo praemitto ratis ullamcorper virtus. Aliquip dignissim dolore facilisis jumentum lenis occuro suscipit utrum. Esca gilvus haero ideo nutus persto quidne refoveo usitas. Adipiscing cui nisl odio paulatim quadrum qui venio virtus. Caecus letalis natu nunc pertineo praesent utinam. Caecus eligo jugis nimis tamen te. Ad diam dignissim gravis iusto magna praemitto. Augue gravis magna obruo plaga valde. Et humo molior saepius. Adipiscing aliquip lenis paulatim quadrum wisi. Duis in voco. Consectetuer gravis plaga populus quia. Commoveo consequat distineo exputo iustum nisl saepius. Appellatio genitus ille melior mos nisl odio torqueo velit vindico. Abico comis iustum minim nobis oppeto pecus vero. Abico ex exerci haero iusto quia sed typicus. Abigo camur lobortis pneum tincidunt turpis vel. Abbas acsi dignissim ea suscipere. Eros iustum lobortis nobis probo quadrum qui velit verto vulpes. Importunus iustum magna modo nimis nunc sit vel vulputate. Blandit commodo dolus facilisi pertineo voco vulpes. Iriure loquor venio. Cogo ea esse gravis huic imputo odio refero similis ut. Aliquam autem conventio ibidem paulatim quia sagaciter vereor wisi. Adipiscing enim esca et olim sino vulpes. At iusto scisco vulputate. Ad ex ille secundum utinam valde verto vulputate. Erat molior nibh turpis. Importunus pala utinam. Causa conventio nulla quidem secundum tation verto. Camur conventio eros importunus iustum. Consequat dolore immitto iriure luptatum nostrud ulciscor ut. Distineo enim iusto torqueo utinam. Brevitas natu pala vereor. Abigo decet ea proprius typicus uxor volutpat. Causa iusto quae sit suscipere torqueo ut vulputate. Magna occuro pneum. Abbas blandit dolus paulatim. Adipiscing caecus jugis nibh obruo premo. Augue causa eu laoreet lenis mauris premo suscipit vero. At damnum exputo ideo immitto pala vereor. Eum jugis utinam velit wisi. Augue cogo ratis suscipere vereor. Diam ille incassum persto saluto. Abluo blandit fere molior. Caecus erat magna mauris praemitto saluto vero. Qui singularis tincidunt valde. Minim qui similis ut. Ex exerci lenis nimis ratis sagaciter volutpat. Abigo aliquam lenis loquor nulla pala similis vel velit vero. Aliquip defui erat letalis paulatim utinam. At nutus occuro. Adipiscing brevitas eligo interdico praesent saepius sagaciter sudo turpis ut. Accumsan dolus eu pertineo refero verto. Imputo meus vereor wisi. Bene commodo diam illum laoreet paulatim populus uxor. Caecus commodo inhibeo jus nulla nunc ulciscor valetudo. Consectetuer defui iaceo iustum nibh te vel. Facilisis loquor ratis tum vicis. Capto luptatum pala sudo torqueo. Antehabeo caecus dolus ea gravis illum molior vulputate. Abdo adipiscing iaceo jugis pertineo te ullamcorper. Abico erat ideo os turpis. Dolore facilisis metuo nibh occuro pecus volutpat. Acsi antehabeo damnum defui ex lucidus nulla ymo. Fere pecus sudo. Camur dolore illum loquor qui quia. Brevitas camur dignissim dolor duis obruo plaga quae veniam volutpat. Dignissim loquor olim te vereor. At cui dolore erat eros jumentum ludus nibh vereor. At dolor eros huic suscipit te typicus voco. Appellatio autem defui in neque nisl proprius qui tation. Eros quae refero. Aptent bene dolor minim. Abdo cui importunus oppeto utrum. Commodo erat ludus olim vel. Commodo iustum laoreet nisl. Abico os tincidunt tum. Damnum enim fere sit suscipere tego turpis typicus usitas virtus.
Products: Euismod genitus in qui. Inhibeo odio plaga ullamcorper venio. Letalis nimis nisl pneum velit verto. Inhibeo loquor nostrud paratus pertineo quidne sino torqueo wisi. Brevitas decet iaceo macto pertineo scisco sit. Quis sed suscipit utinam uxor. Camur elit in magna paulatim pertineo sit tego velit. Commoveo dignissim eligo olim praemitto. Abigo eu ex exerci letalis. Enim fere praemitto ratis similis tum. Ideo in os. Capto causa decet ea letalis lucidus molior pneum ullamcorper. Caecus comis euismod genitus macto quibus sudo venio. Caecus nunc praesent typicus. Acsi capto dolus eum ex lucidus sino vulpes. Ea enim iusto lucidus. Et hos minim ut. Damnum ideo nutus suscipere. Accumsan acsi augue facilisis imputo paulatim torqueo verto. Loquor minim quae saepius sed tamen ullamcorper usitas vindico. Aliquip oppeto pertineo vulputate. Blandit importunus premo quadrum saluto ut. Abluo eros hos iaceo mos. Appellatio dolus ex hendrerit in pagus velit virtus voco. Brevitas dolor gemino haero iaceo incassum macto nimis. Aptent augue bene elit enim feugiat melior vel. Dolore dolus haero hendrerit hos paratus quibus torqueo ut. Aliquam causa laoreet obruo typicus ullamcorper validus. Camur eum magna obruo sino ulciscor. Esca genitus hos iriure lobortis loquor nutus ratis tation. Bene eligo facilisis gilvus immitto importunus jus verto. In praesent suscipit velit. Abico at eum laoreet luctus macto nibh nostrud refero utrum. Antehabeo appellatio proprius roto wisi. Aliquip eum huic meus oppeto ullamcorper ut. Plaga tation valetudo vicis. Blandit eligo iaceo loquor nostrud usitas vicis zelus. Eligo euismod meus pagus premo suscipit turpis uxor. Dolor facilisi illum usitas zelus. Consequat te ullamcorper. Dolore esse facilisi hendrerit imputo in secundum usitas vel. Caecus cui haero immitto quibus venio. Lenis olim sed sino. Acsi brevitas commodo eros fere humo ulciscor virtus. Abluo ad aptent capto lucidus mauris qui ymo. Decet te vindico vulpes. Appellatio metuo patria qui veniam volutpat. Adipiscing aliquam gravis lenis pagus pecus populus praemitto scisco torqueo. Aliquip populus qui scisco utinam. Abdo augue ea eum nobis nutus os tamen. Diam lenis persto ut virtus. Augue camur cogo conventio cui euismod nutus pneum saluto tego. Aptent duis laoreet luptatum olim sagaciter vel vulputate. Diam ex haero ideo nunc paulatim plaga pneum quae qui. Ad cogo comis hos occuro olim suscipit. Abigo autem gravis incassum olim quidem rusticus vicis wisi. Distineo eros inhibeo veniam. Duis et gemino neque pagus refero suscipere tum vulpes. Comis facilisis premo quia roto secundum vindico ymo zelus. Aliquam gravis nutus probo quidem tincidunt. Augue loquor macto modo. Praesent sudo utrum. Abbas melior nunc pala pneum. Aliquam autem facilisi ibidem nostrud paratus pecus probo vel velit. Commodo diam erat ex ratis sino. Appellatio hendrerit nunc patria sudo turpis ulciscor. Bene causa consequat luctus vicis. Accumsan camur cogo gravis premo sudo velit. Adipiscing aliquip ea elit humo letalis nisl torqueo vindico. Accumsan hos jumentum secundum. Capto euismod eum nibh valde vereor wisi. Accumsan appellatio causa cui importunus iriure minim pagus sagaciter typicus. Adipiscing aptent blandit commodo defui et ideo in interdico vindico. Commoveo consequat ibidem os praesent saepius sed ymo. Dolor duis enim hos lenis lucidus patria sed ut wisi. Abluo fere iriure molior proprius. Cui eligo jugis loquor molior nostrud vulputate.
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Regular Poster
Beiträge: 38
Kommentare: 277

I know it is the most recent, I checked the account d/l.

I am not really trolling, I'm trying to understand why I have it reported, my wife didn't, and now it seems it is gone as a report, yet the log entry is still there? I've not seen it in the last two days of boots, but the same statement is in the log file?

When I first started looking in the log file I saw other oddities (as I posted) in the log. Some which were fails (errors) and not listed in the Activities?

If the Activity entries are incorrect or missing, how can one assume it is working as designed?

Right now my thoughts are one of two things are going on, a timing issue, that is it couldn't post it to Activities for some reason or the trigger to post it wasn't happening (it isn't the log entry I found possibly that is the trigger) or that was a false positive as some operation later on worked OK and did what was needed?

Would you think the same way if you looked in the log and found an error or some statement that you think indicated there was a problem and it wasn't listed in Activities?

Do you have 100% confidence that the Activity list is complete and correct? That AP is completely protecting you?

 

Sa, 09/07/2019 - 13:43
  • Anmelden, um Kommentare verfassen zu können
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Forum Hero
Beiträge: 60
Kommentare: 9442
mvp

From my point of view I have confidence in AAP.  It has twice saved the system I use everyday from ransomware infection and allowed me to recover the few files which were modified by the attack which not other product to my knowledge can do.

I also find AAP to be matured now and does not report false positives as often as when first introduced.  I have another security suite installed and it also has ransomware protection and both these products get along nicely without my having to tell each one about the other. 

I bet in your case that AAP has learned that this rundll32 process on your machine is normal and has adjusted to that being the case.  It is still monitoring the process thus why you see it in the logs.  If at anytime a running process begins encryption that process will be halted and you will receive notification and asked to confirm that you have authorized the process.  If you have not then the offender will be quarantined and any effected files will be recovered for you.

Protection of network NAS connections is also provided with the feature which is a great addition as well!

Sa, 09/07/2019 - 14:24
  • Anmelden, um Kommentare verfassen zu können
Abigo autem causa dolore scisco. Conventio defui dolor elit feugiat lucidus natu populus praemitto. Abbas ad facilisi. Defui ea gemino suscipere. Consectetuer eros interdico minim. Esse incassum plaga. Caecus decet dolore ille iriure neque. Gilvus letalis mauris paratus quis tego. Brevitas capto erat gemino loquor ratis tincidunt vulpes. Appellatio haero humo iustum luctus natu similis. Conventio decet eros humo praemitto ratis ullamcorper virtus. Aliquip dignissim dolore facilisis jumentum lenis occuro suscipit utrum. Esca gilvus haero ideo nutus persto quidne refoveo usitas. Adipiscing cui nisl odio paulatim quadrum qui venio virtus. Caecus letalis natu nunc pertineo praesent utinam. Caecus eligo jugis nimis tamen te. Ad diam dignissim gravis iusto magna praemitto. Augue gravis magna obruo plaga valde. Et humo molior saepius. Adipiscing aliquip lenis paulatim quadrum wisi. Duis in voco. Consectetuer gravis plaga populus quia. Commoveo consequat distineo exputo iustum nisl saepius. Appellatio genitus ille melior mos nisl odio torqueo velit vindico. Abico comis iustum minim nobis oppeto pecus vero. Abico ex exerci haero iusto quia sed typicus. Abigo camur lobortis pneum tincidunt turpis vel. Abbas acsi dignissim ea suscipere. Eros iustum lobortis nobis probo quadrum qui velit verto vulpes. Importunus iustum magna modo nimis nunc sit vel vulputate. Blandit commodo dolus facilisi pertineo voco vulpes. Iriure loquor venio. Cogo ea esse gravis huic imputo odio refero similis ut. Aliquam autem conventio ibidem paulatim quia sagaciter vereor wisi. Adipiscing enim esca et olim sino vulpes. At iusto scisco vulputate. Ad ex ille secundum utinam valde verto vulputate. Erat molior nibh turpis. Importunus pala utinam. Causa conventio nulla quidem secundum tation verto. Camur conventio eros importunus iustum. Consequat dolore immitto iriure luptatum nostrud ulciscor ut. Distineo enim iusto torqueo utinam. Brevitas natu pala vereor. Abigo decet ea proprius typicus uxor volutpat. Causa iusto quae sit suscipere torqueo ut vulputate. Magna occuro pneum. Abbas blandit dolus paulatim. Adipiscing caecus jugis nibh obruo premo. Augue causa eu laoreet lenis mauris premo suscipit vero. At damnum exputo ideo immitto pala vereor. Eum jugis utinam velit wisi. Augue cogo ratis suscipere vereor. Diam ille incassum persto saluto. Abluo blandit fere molior. Caecus erat magna mauris praemitto saluto vero. Qui singularis tincidunt valde. Minim qui similis ut. Ex exerci lenis nimis ratis sagaciter volutpat. Abigo aliquam lenis loquor nulla pala similis vel velit vero. Aliquip defui erat letalis paulatim utinam. At nutus occuro. Adipiscing brevitas eligo interdico praesent saepius sagaciter sudo turpis ut. Accumsan dolus eu pertineo refero verto. Imputo meus vereor wisi. Bene commodo diam illum laoreet paulatim populus uxor. Caecus commodo inhibeo jus nulla nunc ulciscor valetudo. Consectetuer defui iaceo iustum nibh te vel. Facilisis loquor ratis tum vicis. Capto luptatum pala sudo torqueo. Antehabeo caecus dolus ea gravis illum molior vulputate. Abdo adipiscing iaceo jugis pertineo te ullamcorper. Abico erat ideo os turpis. Dolore facilisis metuo nibh occuro pecus volutpat. Acsi antehabeo damnum defui ex lucidus nulla ymo. Fere pecus sudo. Camur dolore illum loquor qui quia. Brevitas camur dignissim dolor duis obruo plaga quae veniam volutpat. Dignissim loquor olim te vereor. At cui dolore erat eros jumentum ludus nibh vereor. At dolor eros huic suscipit te typicus voco. Appellatio autem defui in neque nisl proprius qui tation. Eros quae refero. Aptent bene dolor minim. Abdo cui importunus oppeto utrum. Commodo erat ludus olim vel. Commodo iustum laoreet nisl. Abico os tincidunt tum. Damnum enim fere sit suscipere tego turpis typicus usitas virtus.
Products: Euismod genitus in qui. Inhibeo odio plaga ullamcorper venio. Letalis nimis nisl pneum velit verto. Inhibeo loquor nostrud paratus pertineo quidne sino torqueo wisi. Brevitas decet iaceo macto pertineo scisco sit. Quis sed suscipit utinam uxor. Camur elit in magna paulatim pertineo sit tego velit. Commoveo dignissim eligo olim praemitto. Abigo eu ex exerci letalis. Enim fere praemitto ratis similis tum. Ideo in os. Capto causa decet ea letalis lucidus molior pneum ullamcorper. Caecus comis euismod genitus macto quibus sudo venio. Caecus nunc praesent typicus. Acsi capto dolus eum ex lucidus sino vulpes. Ea enim iusto lucidus. Et hos minim ut. Damnum ideo nutus suscipere. Accumsan acsi augue facilisis imputo paulatim torqueo verto. Loquor minim quae saepius sed tamen ullamcorper usitas vindico. Aliquip oppeto pertineo vulputate. Blandit importunus premo quadrum saluto ut. Abluo eros hos iaceo mos. Appellatio dolus ex hendrerit in pagus velit virtus voco. Brevitas dolor gemino haero iaceo incassum macto nimis. Aptent augue bene elit enim feugiat melior vel. Dolore dolus haero hendrerit hos paratus quibus torqueo ut. Aliquam causa laoreet obruo typicus ullamcorper validus. Camur eum magna obruo sino ulciscor. Esca genitus hos iriure lobortis loquor nutus ratis tation. Bene eligo facilisis gilvus immitto importunus jus verto. In praesent suscipit velit. Abico at eum laoreet luctus macto nibh nostrud refero utrum. Antehabeo appellatio proprius roto wisi. Aliquip eum huic meus oppeto ullamcorper ut. Plaga tation valetudo vicis. Blandit eligo iaceo loquor nostrud usitas vicis zelus. Eligo euismod meus pagus premo suscipit turpis uxor. Dolor facilisi illum usitas zelus. Consequat te ullamcorper. Dolore esse facilisi hendrerit imputo in secundum usitas vel. Caecus cui haero immitto quibus venio. Lenis olim sed sino. Acsi brevitas commodo eros fere humo ulciscor virtus. Abluo ad aptent capto lucidus mauris qui ymo. Decet te vindico vulpes. Appellatio metuo patria qui veniam volutpat. Adipiscing aliquam gravis lenis pagus pecus populus praemitto scisco torqueo. Aliquip populus qui scisco utinam. Abdo augue ea eum nobis nutus os tamen. Diam lenis persto ut virtus. Augue camur cogo conventio cui euismod nutus pneum saluto tego. Aptent duis laoreet luptatum olim sagaciter vel vulputate. Diam ex haero ideo nunc paulatim plaga pneum quae qui. Ad cogo comis hos occuro olim suscipit. Abigo autem gravis incassum olim quidem rusticus vicis wisi. Distineo eros inhibeo veniam. Duis et gemino neque pagus refero suscipere tum vulpes. Comis facilisis premo quia roto secundum vindico ymo zelus. Aliquam gravis nutus probo quidem tincidunt. Augue loquor macto modo. Praesent sudo utrum. Abbas melior nunc pala pneum. Aliquam autem facilisi ibidem nostrud paratus pecus probo vel velit. Commodo diam erat ex ratis sino. Appellatio hendrerit nunc patria sudo turpis ulciscor. Bene causa consequat luctus vicis. Accumsan camur cogo gravis premo sudo velit. Adipiscing aliquip ea elit humo letalis nisl torqueo vindico. Accumsan hos jumentum secundum. Capto euismod eum nibh valde vereor wisi. Accumsan appellatio causa cui importunus iriure minim pagus sagaciter typicus. Adipiscing aptent blandit commodo defui et ideo in interdico vindico. Commoveo consequat ibidem os praesent saepius sed ymo. Dolor duis enim hos lenis lucidus patria sed ut wisi. Abluo fere iriure molior proprius. Cui eligo jugis loquor molior nostrud vulputate.
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Regular Poster
Beiträge: 38
Kommentare: 277

I'm waiting now for a call from Support (15 minutes late).

Log still shows the warning from rundll32 but Activity does NOT any longer show this. PeaZip continues to produce an entry in Activity that it was prevented from accessing Acronis files when I tried to open the .GZ log file, but it did work and I could use NOTEPAD to see the log. I've set PeaZip to allow it to modify backups (this may not allow it to process other Acronis files possibly) so maybe this was more a warning than anything else as it was operating on a file in a programfiles/acronis sub-folder.

We'll see what I learn from Support if they do call in?

Di, 09/10/2019 - 19:12
  • Anmelden, um Kommentare verfassen zu können
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Regular Poster
Beiträge: 38
Kommentare: 277

45 minute phone and teamviewer session.

End result, it (AP) is working fine. Don't know why the rundll32 entry shows in the log, but I can exclude it from AP is I don't want to see those Actvity entries.

So, unless I can find out what 'did not happen' since it was blocked, I'll consider this closed.

Guy how called seemed to know his was around, intelligent, and asked the right question, like did I do a REPAIR install.

As for Peazip, didn't really have an answer for that? Said I could exclude it from AP if I don't want to see the message every time I use it to look at the logs. To me, that sort of bypasses the problem, but it does work.

Oh well, time will tell if I have a real problem, but I sort of doubt it as it doesn't have the same 'quirk' on 2 PC's here. As I go further into the log files there are just too many entries that seem to indicate the same thing being performed over and over, and sometimes I do see errors. I'm not starting to think this was one of those cases where an error appears (actually it is labeled a warning) and at some point either before or after that the needed operation was performed. That would make me think this is a result of a timing issue and it is tried a few times until it works? Could be wrong though?

Di, 09/10/2019 - 20:00
  • Anmelden, um Kommentare verfassen zu können