NVT ERP -- mark vulnerable process as safe parent process?

Status
Not open for further replies.

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?
 
H

hjlbx

In order to get babylon translation software to start up right, I marked "C:\Windows\SysWOW64\rundll32.exe"
as a safe parent process.
(It was not enough to just mark babylon.exe as a safe parent process.)
Is this a security risk, and if so, what's the better way to do it?

White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
 
  • Like
Reactions: shmu26
L

LabZero

Rundll32.exe it is a legitimate process that is responsible for the loading and execution of Dll files and it's a complex system but potentially It can be subject to Dll injection.
I don't see a reason to white-list It as safe.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
when babylon starts, the NVT ERP alert becomes non-responding and greyed out, so I can't click anything.
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
White-list the rundll32.exe commandline when Babylon starts instead of the rundll32.exe process.

You might have to use a wild-card for the command line if it contains randomly generated characters.
what happens is I get a warning about a vulnerable app, and then it freezes. It didn't help to add the command line manually to whitelist, and also training mode doesn't help. There are no random characters, just a normal path and file name.
 
H

hjlbx

what happens is I get a warning about a vulnerable app, and then it freezes. It didn't help to add the command line manually to whitelist, and also training mode doesn't help. There are no random characters, just a normal path and file name.

Sounds like bug in NVT ERP...
 

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
Sounds like bug in NVT ERP...
I am not so sure NVT ERP is optimized for windows 10 x64, despite what it claims on the site.
 
H

hjlbx

I am not so sure NVT ERP is optimized for windows 10 x64, despite what it claims on the site.

It works OK on my 64 bit system, but it isn't officially supported.

NVT ERP is no longer actively developed, so we're all kind of at a loss...
 
  • Like
Reactions: shmu26

shmu26

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Jul 3, 2015
8,150
It works OK on my 64 bit system, but it isn't officially supported.

NVT ERP is no longer actively developed, so we're all kind of at a loss...
interesting that after a reboot or two, the "safe parent process" entry modded from C:\Windows\SysWOW64\rundll32.exe
to something different and more specific:
C:\Windows\WinSxS\x86_microsoft-windows-rundll32_31bf3856ad364e35_10.0.10586.0_none_086c4e649ce454df\rundll32.exe
I guess it's more restrictive that way, which is good.
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top