NVT ERP -- mark vulnerable process as safe parent process?

Status
Not open for further replies.
shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Forum Veteran
Jul 3, 2015
8,148
1
31,237
8,388
Middle Earth
In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?
 
shmu26 said:
In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?
Click to expand...

White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
 
  • Like
Reactions: shmu26
Rundll32.exe it is a legitimate process that is responsible for the loading and execution of Dll files and it's a complex system but potentially It can be subject to Dll injection.
I don't see a reason to white-list It as safe.
 
hjlbx said:
White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
Click to expand...
when babylon starts, the NVT ERP alert becomes non-responding and greyed out, so I can't click anything.
 
hjlbx said:
White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
Click to expand...
what happens is I get a warning about a vulnerable app, and then it freezes. It didn't help to add the command line manually to whitelist, and also training mode doesn't help. There are no random characters, just a normal path and file name.
 
shmu26 said:
what happens is I get a warning about a vulnerable app, and then it freezes. It didn't help to add the command line manually to whitelist, and also training mode doesn't help. There are no random characters, just a normal path and file name.
Click to expand...

Sounds like bug in NVT ERP...
 
shmu26 said:
I am not so sure NVT ERP is optimized for windows 10 x64, despite what it claims on the site.
Click to expand...

It works OK on my 64 bit system, but it isn't officially supported.

NVT ERP is no longer actively developed, so we're all kind of at a loss...
 
  • Like
Reactions: shmu26
hjlbx said:
It works OK on my 64 bit system, but it isn't officially supported.

NVT ERP is no longer actively developed, so we're all kind of at a loss...
Click to expand...
interesting that after a reboot or two, the "safe parent process" entry modded from C:\Windows\SysWOW64\rundll32.exe
to something different and more specific:
C:\Windows\WinSxS\x86_microsoft-windows-rundll32_31bf3856ad364e35_10.0.10586.0_none_086c4e649ce454df\rundll32.exe
I guess it's more restrictive that way, which is good.
 
Status
Not open for further replies.

You may also like...