shmu26

Level 70
Content Creator
Verified
Joined
Jul 3, 2015
Messages
5,945
OS
Windows 10
#1
In order to get Babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe" as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?
 
hjlbx

Guest
#2
> In order to get Babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe" as a safe parent process.
> (It was not enough to just mark babylon.exe as a safe parent process.)
> Is this a security risk, and if so, what's the better way to do it?

White-list the rundll32.exe command line when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
 
Likes: shmu26
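
The difference between the two rule types discussed in #2, as an added example that is not part of the thread and not NVT ERP's own matching logic. The rule model, the Babylon DLL path, the entry point name and the second command line are all constructed placeholders.

```python
import fnmatch

# Constructed sample values; the Babylon DLL path and entry point are placeholders.
RUNDLL32 = r"C:\Windows\SysWOW64\rundll32.exe"
BABYLON_CMD = RUNDLL32 + r' "C:\Program Files (x86)\Babylon\placeholder.dll",Start'
OTHER_CMD = RUNDLL32 + r" C:\Users\user\AppData\Local\Temp\unknown.dll,Entry"

def _norm(s):
    # Windows paths are case-insensitive; also collapse repeated whitespace.
    return " ".join(s.split()).lower()

def process_rule_allows(image_path, allowed_images):
    """Process-level rule: every command line run by a listed image passes."""
    return _norm(image_path) in {_norm(p) for p in allowed_images}

def cmdline_rule_allows(command_line, allowed_patterns):
    """Command-line rule: the whole command line must match a listed pattern."""
    cl = _norm(command_line)
    return any(fnmatch.fnmatchcase(cl, _norm(p)) for p in allowed_patterns)

def compare(events, allowed_images, allowed_patterns):
    """Return (command_line, process_verdict, cmdline_verdict) per event."""
    return [(cmd, process_rule_allows(img, allowed_images),
             cmdline_rule_allows(cmd, allowed_patterns)) for img, cmd in events]

EVENTS = [(RUNDLL32, BABYLON_CMD), (RUNDLL32, OTHER_CMD)]
EXACT = [BABYLON_CMD]
# A wildcard limited to the variable part. "*" also matches backslashes and
# spaces, so keep the fixed prefix and suffix around it as long as possible.
NARROW_WILDCARD = [RUNDLL32 + r' "C:\Program Files (x86)\Babylon\*.dll",Start']
# A wildcard this broad behaves exactly like the process-level rule.
BROAD_WILDCARD = [RUNDLL32 + " *"]

if __name__ == "__main__":
    for name, pats in [("exact", EXACT), ("narrow", NARROW_WILDCARD),
                       ("broad", BROAD_WILDCARD)]:
        for cmd, by_proc, by_cmd in compare(EVENTS, [RUNDLL32], pats):
            print(f"{name:6} process={by_proc!s:5} cmdline={by_cmd!s:5} {cmd}")
```

The process-level rule passes both invocations, while the exact and narrow command-line rules pass only the Babylon one.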
LabZero

Guest
#3
Rundll32.exe is a legitimate process that is responsible for the loading and execution of DLL files, and it's a complex system, but potentially it can be subject to DLL injection.
I don't see a reason to white-list it as safe.
 

shmu26

#4
> White-list the rundll32.exe command line when Babylon starts instead of the rundll32.exe process.
>
> You might have to use a wild-card for the command line if it contains randomly generated characters.

When Babylon starts, the NVT ERP alert becomes non-responding and greyed out, so I can't click anything.
 

shmu26

#5
> White-list the rundll32.exe command line when Babylon starts instead of the rundll32.exe process.
>
> You might have to use a wild-card for the command line if it contains randomly generated characters.

What happens is I get a warning about a vulnerable app, and then it freezes. It didn't help to add the command line manually to the whitelist, and also training mode doesn't help. There are no random characters, just a normal path and file name.
 
hjlbx
#6
> What happens is I get a warning about a vulnerable app, and then it freezes. It didn't help to add the command line manually to the whitelist, and also training mode doesn't help. There are no random characters, just a normal path and file name.

Sounds like a bug in NVT ERP...
 
hjlbx
#8
> I am not so sure NVT ERP is optimized for Windows 10 x64, despite what it claims on the site.

It works OK on my 64-bit system, but it isn't officially supported.

NVT ERP is no longer actively developed, so we're all kind of at a loss...
 
Likes: shmu26

shmu26

#9
> It works OK on my 64-bit system, but it isn't officially supported.
>
> NVT ERP is no longer actively developed, so we're all kind of at a loss...

Interesting that after a reboot or two, the "safe parent process" entry modded from
C:\Windows\SysWOW64\rundll32.exe
to something different and more specific:
C:\Windows\WinSxS\x86_microsoft-windows-rundll32_31bf3856ad364e35_10.0.10586.0_none_086c4e649ce454df\rundll32.exe
I guess it's more restrictive that way, which is good.