- Dec 19, 2012
- 1,256
I'm not sure exactly what you mean, but one can 'Add to exclusions' directly from a block alert.Been playing around with OSArmor. Interesting software. Gotta say I'm not a fan of the need to manually enter data for exclusions, it would be nice if I could just right-click on some sort of blocked process log and create excepts with a couple clicks. I wouldn't think that would be hard to implement, and don't see a benefit in copy/pasting line by line.
I can give it a try, but I only have the issue about once a month . Out of my last 20 or so restarts it has only happened once.@blackice
Can you try this new OSA Personal pre-release version?
https://downloads.osarmor.com/osa-1.5.7-setup-test1.exe
You can install it "over-the-top".
Installed "over-the-top" and tried a restart. No issues.@blackice
Can you try this new OSA Personal pre-release version?
https://downloads.osarmor.com/osa-1.5.7-setup-test1.exe
You can install it "over-the-top".
Hi does OSarmor need internet to work ?
Did you try to change your Win 10 lock screen picture? That is when I received the same identical block.Got an interesting block this morning out of the blue, no new software has been installed in about a week:
A few days ago. This is a week old install of windows with nothing installed that wasn’t before.Did you try to change your Win 10 lock screen picture? That is when I received the same identical block.
Actually I got a second identical one of these blocks last night. Just was checking the logs to look at this again. Very odd, may retrace my steps of what I may have had running.@NoVirusThanks
Got an interesting block this morning out of the blue, no new software has been installed in about a week:
Date/Time: 5/3/2021 10:26:35 AM
Process: [16776]C:\Windows\System32\rundll32.exe
Process MD5 Hash: EF3179D498793BF4234F708D3BE28633
Parent: [12664]C:\Windows\System32\dllhost.exe
Rule: BlockLOLBinsAndOtherSophisticatedAttacks
Rule Name: Block LOLBins and other sophisticated attacks
Command Line: "C:\WINDOWS\system32\rundll32.exe" -localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617
Signer: <NULL>
Parent Signer: Microsoft Windows
User/Domain: SYSTEM/NT AUTHORITY
System File: True
Parent System File: True
Integrity Level: Medium
Parent Integrity Level: System
Here's a thread on the behavior: What is this RunDll32 instance running? . One of the triggers for it as I noted is:Actually I got a second identical one of these blocks last night. Just was checking the logs to look at this again. Very odd, may retrace my steps of what I may have had running.
Also appears youtube video playing in certain instances can trigger it.I saw this process on Windows 10, processing User Tiles - more commonly known as User Account Pictures. Possibly it is used to process other types of untrusted user data; I don't know.
I was changing a bunch of accounts to a different email address, including my M$ account. I bet that’s what triggered it.Here's a thread on the behavior: What is this RunDll32 instance running? . One of the triggers for it as I noted is:
Also appears youtube video playing in certain instances can trigger it.
Really looks like a OSA FP to me and it should probably be excluded.
What was triggering this rundll32 activity was O&O Shutup10 Win 10 SpotLight blocking setting. That has to be disabled when changing your lockscreen pic. to avoid the rundll32 activity.An update on OSA is triggering on execution of C:\WINDOWS\system32\rundll32.exe" -localserver 22d8c27b-47a1-48d1-ad08-7da7abd79617.
I don’t use Shutup10 so I’m fairly certain mine was related to the change of my email address for my M$ account since it occurred a few minutes after I changed it online, probably when it synced, and then once later after rebooting and logging in the first time after the change. Nothing in the logs since.What was triggering this rundll32 activity was O&O Shutup10 Win 10 SpotLight blocking setting. That has to be disabled when changing your lockscreen pic. to avoid the rundll32 activity.