Are you using Appguard?

  • Total voters
    107
Status
Not open for further replies.

Duotone

10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
What's bytecodegenerator?!
 

paulderdash

Yes, it's a safe process. :)
But it's vulnerable. That's why it's included in AppGuard (I think the hardened one).
Yip, hardened config. Not there by default.

I also used to get warnings for it, so set it to User Space = No again. TBH I never found out what was calling it.
 

Duotone

Oh, you're right, it's included in the Hardened.xml... Was thinking of keeping it still set to "Yes" then just using AppGuard in "Protected". What do you guys think?!
 

paulderdash

Try it. I'd be interested if you can determine from Activity Report what was needing to use bytecodegenerator.exe ...

TBH I always run in Protected mode as I have a layered setup, and am a low risk user.

I know the hard core users all use Locked Down :).
 

Duotone

Try it. I'd be interested if you can determine from Activity Report what was needing to use bytecodegenerator.exe ...

TBH I always run in Protected mode as I have a layered setup, and am a low risk user.
Yeah saw your setup in the other forum... probably going back to protected with hardened.xml and see how it goes.
 
509322

10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
What's bytecodegenerator?!
Bytecodegenerator.exe is a part of Microsoft's AppX deployment. Since Windows 8 it has been associated with the Windows Store and Windows Apps.

TBH I never found out what was calling it.
High probability that it is associated with a task. One associated with Windows Apps.

Oh, you're right, it's included in the Hardened.xml... Was thinking of keeping it still set to "Yes" then just using AppGuard in "Protected". What do you guys think?!
As long as you use the hardened XML, processes are going to be blocked. Changing the mode from Locked Down to Protected Mode will enable the TPL and valid signed files to execute in User Space.

The mode isn't doing the blocking of ByteCodeGenerator.exe, but the User Space list is.

If nothing is obviously broken, then worrying about every single block event in the Activity Report is a waste of time. AppGuard does not break Windows in unknown, hidden and mysterious ways. I've explained that fact repeatedly on two forums multiple times.

I'd be interested if you can determine from Activity Report what was needing to use bytecodegenerator.exe ...
It isn't going to give any more info than what @Duotone posted here. A cmd-line logger will provide the run sequence.
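
Added example (not part of any post in this thread, and not AppGuard's own code): a small parser for the Activity Report launch-block line quoted above, grouping repeated blocks by blocked process, launcher and folder so recurring entries collapse into one row. The field layout is inferred from that single quoted line, and reading the second field as the launching process is an assumption; all sample lines except the first are constructed.

```python
import re
from collections import Counter

# Layout inferred from the one Activity Report line quoted in this thread.
# Treating the second field as the launching (parent) process is an assumption.
BLOCK_RE = re.compile(
    r"^(?P<stamp>\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) Prevented process "
    r"<(?P<child>[^|>]+?)\s*\|\s*(?P<parent>[^>]+?)> "
    r"from launching from <(?P<folder>[^>]+)>\.?\s*$",
    re.IGNORECASE,
)

def parse_block_event(line):
    """Return the fields of a launch-block line as a dict, or None for other lines."""
    m = BLOCK_RE.match(line.strip())
    if m is None:
        return None
    # Windows paths are case-insensitive, so normalise before grouping.
    return {k: v.strip().lower() for k, v in m.groupdict().items()}

def summarize(lines):
    """Count block events per (child, parent, folder); collect unrecognised lines."""
    counts, skipped = Counter(), []
    for line in lines:
        if not line.strip():
            continue
        event = parse_block_event(line)
        if event is None:
            skipped.append(line)
        else:
            counts[(event["child"], event["parent"], event["folder"])] += 1
    return counts, skipped

# Constructed sample: the first line is the one posted in the thread,
# the others are made up for illustration.
SAMPLE = r"""
10/03/17 12:09:58 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
10/03/17 12:41:03 Prevented process <bytecodegenerator.exe | c:\windows\system32\svchost.exe> from launching from <c:\windows\system32>.
10/03/17 13:02:17 Prevented process <example.exe | c:\windows\explorer.exe> from launching from <c:\users\test\downloads>.
10/03/17 13:05:00 Some other Activity Report entry
""".splitlines()

if __name__ == "__main__":
    counts, skipped = summarize(SAMPLE)
    for (child, parent, folder), n in counts.most_common():
        print(f"{n:3d}x {child} <- {parent} (from {folder})")
    print(f"{len(skipped)} line(s) not recognised as launch blocks")
```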
 