Is it safe to permanently block rundll32.exe on the real machine?

Online_Sword

Mar 23, 2015
Some anti-exe programs will block rundll32.exe.
So far, they have caused no problems on my virtual machines.
But what about the real machine?

I heard that some drivers of NVIDIA graphics cards depend on rundll32.exe. So I guess permanently blocking it may cause some problems on some real machines.
However, this information is a bit old, so I do not know whether it applies to the modern drivers and systems or not.
I cannot verify this by myself because my graphics chip is integrated into the CPU.

So my problem is, would blocking rundll32.exe (potentially) influence the stability of the system?
 
What is rundll32.exe And Why Is It Running?
Since there’s no way to directly launch a DLL file, the rundll32.exe application is simply used to launch functionality stored in shared .dll files. This executable is a valid part of Windows, and normally shouldn’t be a threat.
Note: the valid process is normally located at \Windows\System32\rundll32.exe, but sometimes spyware uses the same filename and runs from a different directory in order to disguise itself.

Read on about using Process Explorer to find out what's running rundll32.exe, then you can determine if it's a good idea or not.

Did you check if these anti-executable programs block the genuine rundll32.exe or fakes?
 
Well, this process belongs to System32 I believe. It is responsible for calling on 16 or 32 bit DLLs in conjunction with the rundll.exe process.

I wouldn't disable it since DLLs are a major part of Windows and could probably mess up your programs. Especially the 32 bit ones.

I am using AppLocker, which will auto-whitelist system folders and files, so it doesn't block it for me! :)
 
rundll32 is needed for Windows to work properly; blocking it will break many things on your system!

If you want to monitor rundll32, then use NVT ERP and white-list legitimate rundll32 command lines; you have to put in the time and effort to learn how it all works...
 
Did you check if these anti-executable programs block the genuine rundll32.exe or fakes?

Thank you for your reply.

In fact, this is the default option of both Exe Radar Pro and VoodooShield.

In particular, ERP identifies rundll32.exe as a "vulnerable process", which is blocked by default in the "Lockdown" mode.
The default option of VS is similar.

I mean, this is a built-in feature of these products, and has nothing to do with whether rundll32.exe is fake or not. :)
 
rundll32 is needed for Windows to work properly; blocking it will break many things on your system!

If you want to monitor rundll32, then use NVT ERP and white-list legitimate rundll32 command lines; you have to put in the time and effort to learn how it all works...

Thank you for your reply.

But as you know, VS would also block rundll32 by default.
Different from ERP, VS seems not to have any command-line whitelist.
However, my virtual machine running VS still works well...
 
@Huracan, @hjlbx, sorry, I made some mistakes. :(
VoodooShield (2.82 beta), as well as Exe Radar Pro, have their own command-line whitelists.
So...blocking rundll32 is safe only when essential operations are properly whitelisted...Is this correct?
 
@Huracan, @hjlbx, sorry, I made some mistakes. :(
VoodooShield (2.82 beta), as well as Exe Radar Pro, have their own command-line whitelists.
So...blocking rundll32 is safe only when essential operations are properly whitelisted...Is this correct?

Correct. rundll32 should be monitored since there is a lot of malware that will abuse it...
 
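The command-line whitelisting discussed above, sketched as an added example; it is not part of any post and not how Exe Radar Pro or VoodooShield work internally. It checks that the image is the genuine rundll32.exe and then compares the DLL and entry point against an allowlist; the allowlist entries, sample launches and function names are constructed for illustration.

```python
import ntpath
import re

SYSTEM32 = r"c:\windows\system32"
# Genuine image locations; SysWOW64 holds the 32-bit copy on 64-bit Windows.
GENUINE_IMAGES = {SYSTEM32 + r"\rundll32.exe", r"c:\windows\syswow64\rundll32.exe"}

# Constructed allowlist of (DLL, exported function) pairs; build yours from
# what your own machine actually runs.
ALLOWED_CALLS = {
    (SYSTEM32 + r"\shell32.dll", "control_rundll"),  # Control Panel applets
    (SYSTEM32 + r"\printui.dll", "printuientry"),    # printer dialogs
}

# <image> <dll>,<entry point> [args]; image and DLL may each be quoted.
CMDLINE = re.compile(r'^\s*(?:"[^"]+"|\S+)\s+(?:"([^"]+)"|([^\s,"]+))\s*,\s*([^\s,]+)')

def _norm(path):
    # Lower-case and collapse "..", so path tricks cannot match an entry.
    return ntpath.normpath(path.strip().lower())

def verdict(image_path, command_line):
    """Return 'block', 'allow' or 'review' for one rundll32 launch."""
    if _norm(image_path) not in GENUINE_IMAGES:
        return "block"    # same filename, wrong directory
    m = CMDLINE.match(command_line)
    if not m:
        return "review"   # no "<dll>,<entry>" pair to compare
    dll = m.group(1) or m.group(2)
    if not ntpath.isabs(dll):
        # Assumption: a bare DLL name means the System32 copy.
        dll = ntpath.join(SYSTEM32, dll)
    call = (_norm(dll), m.group(3).lower())
    return "allow" if call in ALLOWED_CALLS else "review"

# Constructed sample launches: (image path, command line).
SAMPLES = [
    (r"C:\Windows\System32\rundll32.exe", r"rundll32.exe shell32.dll,Control_RunDLL desk.cpl"),
    (r"C:\Windows\System32\rundll32.exe", r"rundll32.exe C:\Users\demo\AppData\Local\Temp\example.dll,Start"),
    (r"C:\Users\demo\AppData\Local\Temp\rundll32.exe", r"rundll32.exe shell32.dll,Control_RunDLL"),
]

if __name__ == "__main__":
    for image, cmd in SAMPLES:
        print(f"{verdict(image, cmd):6}  {image}  {cmd}")
```
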
Windows Explorer, changing the appearance, and opening Windows-based applications are some of the functions of rundll32.exe, which, if you block it, may cause instability.

I've encountered quite a lot of this, which turns out to be problematic, like after a massive computer virus.

Better to block other stuff that cannot affect the Windows operating system.
 