PDA

View Full Version : 11 E blocked by app control due to protectionprocesscleanup



Buck Fever
02-01-2012, 12:07 PM
My PC setup:
Win 7 Enterprise 32-bit
Installshield 11 Express running in XP SP3 compatibility mode
Bit9 Parity Agent is running on the PC to control application startup, blocking unauthorized/unsigned applications.

On 1/17/2012 I installed 11 Express, Installshield ran fine, and I created installations over the last week or so.

Yesterday I tried to start up Installshield 11 Express and the Bit9 App Control blocked it with the messages below, so my questions are:

What is ~df394b.tmp? Why does installshield try to run a file in my temp folder?
What is protectionprocesscleanup? Why does it try to run a file in my temp folder?
What is this Installshield process trying to accomplish?
Is this a process I can turn off/stop from occuring to so Bit9 allows Installshield to start up?


1 isdev.exe ~df394b.tmp c:\users\e1035363\appdata\local\temp\protectionprocessorcleanup.0001.dir.0001\

Application Control blocked an attempt by isdev.exe to run ~df394b.tmp because the file is not approved. If you require this program to run, please click the link below which has information about why this file was blocked and how to get help from support.

Source[c:\program files\installshield 11 express edition\system\isdev.exe]
User[e1035363] Pid[2792] Tid[4624]
Target[c:\users\e1035363\appdata\local\temp\protectionprocessorcleanup.0001.dir.0001\~df394b.tmp]
Media[Fixed] Device[0x00000008]
State[Pending] Flags[0x00000002]
Rule[File Execute: Pending executables] List[1] Group[100] Id[10]
Guid[{e4c985c8-6247-49ce-aea5-2305c54adcf2}]
Policy[Lockdown] Id[16] Version[0x8FC4506A] Config[69327]
Seccon[20] Online[20] Offline[20]

2 protectionprocessorcleanup.0001 ~df394b.tmp c:\users\e1035363\appdata\local\temp\protectionprocessorcleanup.0001.dir.0001\

Application Control blocked an attempt by protectionprocessorcleanup.0001 to run ~df394b.tmp because the file is not approved. If you require this program to run, please click the link below which has information about why this file was blocked and how to get help from support.

Source[c:\users\e1035363\appdata\local\temp\protectionprocessorcleanup.0001]
User[e1035363] Pid[1412] Tid[4656]
Target[c:\users\e1035363\appdata\local\temp\protectionprocessorcleanup.0001.dir.0001\~df394b.tmp]
Media[Fixed] Device[0x00000008]
State[Pending] Flags[0x00000002]
Rule[File Execute: Pending executables] List[1] Group[100] Id[10]
Guid[{e4c985c8-6247-49ce-aea5-2305c54adcf2}]
Policy[Lockdown] Id[16] Version[0x8FC4506A] Config[69327]
Seccon[20] Online[20] Offline[20]