Appguard's News Thread (2017)

Status
Not open for further replies.

Duotone

10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
What's bytecodegenerator?!
 

XhenEd

> 10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
> What's bytecodegenerator?!
I don't know what exactly it does. But I know that it's an MS process. :)
 

XhenEd

> Yeah, searched it and still don't know what it does... but it's a safe process, right?!
Yes, it's a safe process. :)
But it's vulnerable. That's why it's included in AppGuard (I think the hardened one).
 

paulderdash

> Yes, it's a safe process. :)
> But it's vulnerable. That's why it's included in AppGuard (I think the hardened one).
Yip, hardened config. Not there by default.

I also used to get warnings for it, so set it to User Space = No again. TBH I never found out what was calling it.
 

Duotone

Oh, you're right, it's included in the Hardened.xml... Was thinking of keeping it still set to "Yes" then just using AppGuard in "Protected". What do you guys think?!
 

paulderdash

Try it. I'd be interested if you can determine from Activity Report what was needing to use bytecodegenerator.exe ...

TBH I always run in Protected mode as I have a layered setup, and am a low risk user.

I know the hard core users all use Locked Down :).
 

Duotone

> Try it. I'd be interested if you can determine from Activity Report what was needing to use bytecodegenerator.exe ...
>
> TBH I always run in Protected mode as I have a layered setup, and am a low risk user.

Yeah saw your setup in the other forum... probably going back to protected with hardened.xml and see how it goes.
 
509322

> 10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
> What's bytecodegenerator?!

Bytecodegenerator.exe is a part of Microsoft's AppX deployment. Since Windows 8 it has been associated with the Windows Store and Windows Apps.

> TBH I never found out what was calling it.

High probability that it is associated with a task. One associated with Windows Apps.

> Oh, you're right, it's included in the Hardened.xml... Was thinking of keeping it still set to "Yes" then just using AppGuard in "Protected". What do you guys think?!

As long as you use the hardened XML, processes are going to be blocked. Changing the mode from Locked Down to Protected Mode will enable the TPL and valid signed files to execute in User Space.

The mode isn't doing the blocking of ByteCodeGenerator.exe, but the User Space list is.

If nothing is obviously broken, then worrying about every single block event in the Activity Report is a waste of time. AppGuard does not break Windows in unknown, hidden and mysterious ways. I've explained that fact repeatedly on two forums multiple times.

> I'd be interested if you can determine from Activity Report what was needing to use bytecodegenerator.exe ...

It isn't going to give any more info than what @Duotone posted here. A cmd-line logger will provide the run sequence.
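
Added example, not part of any post in this thread: a Python parser that groups launch-block lines of the shape quoted above by blocked image and launching process, so repeated blocks can be reviewed as one entry. Reading the field after `|` as the launching (parent) process is an assumption of this example, and every sample line except the first is constructed.

```python
import re
from collections import defaultdict

# Shape of the block event quoted in the thread. Reading the two fields as
# "blocked image | launching (parent) process" is an assumption of this example.
EVENT_RE = re.compile(
    r"^(?P<stamp>\S+ \S+) Prevented process "
    r"<(?P<image>[^|<>]+?)\s*\|\s*(?P<parent>[^<>]+?)> "
    r"from launching from <(?P<folder>[^<>]+)>\.?\s*$",
    re.IGNORECASE,
)

def parse_event(line):
    """Return the fields of one launch-block line, or None for any other line."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = {k: v.strip() for k, v in m.groupdict().items()}
    # Windows paths are case-insensitive: normalise so counts do not split on case.
    for key in ("image", "parent", "folder"):
        ev[key] = ev[key].lower()
    return ev

def summarize(lines):
    """Group block events by (blocked image, parent): count, first and last timestamp."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        g = groups[(ev["image"], ev["parent"])]
        g["count"] += 1
        # Timestamps stay as text: 10/03/17 could be DD/MM or MM/DD, so no date parsing.
        g["first"] = g["first"] or ev["stamp"]
        g["last"] = ev["stamp"]
    return dict(groups)

# First event line is the one from the thread; the rest are constructed for this example.
SAMPLE = r"""
10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
10/03/17 18:41:07 Prevented process <ByteCodeGenerator.exe | C:\Windows\System32\svchost.exe> from launching from <c:\windows\system32>.
11/03/17 09:02:33 Prevented process <example-tool.exe | c:\users\test\example-parent.exe> from launching from <c:\users\test>.
(constructed line of some other kind, ignored by the parser)
""".splitlines()

if __name__ == "__main__":
    for (image, parent), g in sorted(summarize(SAMPLE).items()):
        print(f"{g['count']:>3}  {image}  <- {parent}  ({g['first']} .. {g['last']})")
```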
 

Mr.X

> This would only be necessary if restoring an image which didn't contain AG already?
Yes. Otherwise, if you have an image with AG included then there's no need to uninstall it prior to restoring an image. Actually, I work with my crappy lappy this way.
 