Having to allow a btach file every day?

[Guest]

Every morning I get into the office and the WD icon is in the tray (with a
little question mark). I click it and it shows me two files form my start
up. They are marked as "allow" as I had told it originally, but I have to
hit "apply actions" everyday to make the icon leave the systray.

One of the files in question is a batch file that runs regedit from the
command line to kill off Real Player and Quick Time startup tasks (if they
exist).

The other is a VBS script that changes my UltraMon multi-monitor wallpaper.

They show up in the Software Explorer as "Not yet classified". And my only
optiuons seem to be "remove" or "disable" -- niether of which are what I want
to do.

Both of these were written by me for me, so I don't ever expect MS or Spynet
to classfy these as I'm the only one using these two specific scripts.

My question is how the heck to I set WD to ALWAYS allow/ignore them?

Thanks in advance.

 

[Bill Sanderson]

Try going to tools, general settngs, and scrolling down to "advanced
options" and setting the batch files into the exclusion area there. I'd
like to hear how that works--this is one a number of users will hit, I
suspect.

 

[Guest]

Thanks Bill, I'll bet dollars to donuts that'll keep it from bugging me --
I'll know for sure tomorrow morning I guess. If, for some reason, it doesn't
work, I'll be back to this thread, if you don' thear from me, it worked.

 

[Bill Sanderson]

I think it should. There are some other startup type issues that involve a
new or changed entity each morning--some antivirus apps do this, I
think--they are going to be tougher nuts to crack.

--

 

[Guest]

I would image -- I know that Trend Micro's PC-Cillin like to change it's
watchdog program to a new file name every so often. Fun fun, and immensly
viral-like (polymorphic, sort of ).

 

[Bill Sanderson]

Yup--the rootkit detector programs are pretty tough too. I had to shut down
Windows Defender to run RootKitRevealer--it prevented it from running. I
believe I was ok with BlackLight after some effort.

--

 

[Guest]

Well it's a new day and the solution half-waorked.

The VBS script was allowed, and I didn't have to Ok it this morning. Which
is perfect.

The problem lies with the batch file.

What's going on is this:

The VBS is actually in my startup folder, and it's blocked with the path
"C:\Documents and Settings\techie007\Start
Menu\Programs\Startup\AutoRandomWallpaperChanger.vbs".

The batch file exists in it's own folder, and in the all users' start up is
just a shortcut to it. So when I navigate to "C:\Documents and Settings\All
Users\Start Menu\Programs\Startup" and pick the link, WD pulls the target
path and uses it ("C:\KillQT-Real\QT-REALKiller.bat");.

The problem is WD pops up and makes me allow the batch file again this
morning because it thinks it's located at "C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\QT-REALKiller.lnk".

Know what I'm saying?

And since the file browse/select dialog is the only way to add a path, I
can't add "C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\QT-REALKiller.lnk" because it will just pull the target
path and use it again.

SOOO I think I've come up with a work around for now. I stopped all the WD
services, opened up regedit and navigated to
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Scan\ExcludePaths",
added myself to the write permissions on the key, and then manually added the
"C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\QT-REALKiller.lnk" path. I then removed myself from
the write-permission list.

Then I came here and told you what I'm doing. So the next trick is a
reboot and we'll see if the correct path is in WD's list, and then tomorrow
morning we'll see if it pops up again.

I'll be back in a minute or two to let you know if it at least added the
path to the list according to WD.

 

[Guest]

The path I added via regedit now shows up in WD's exclude list, so I woul
dguess that tomorrow morning it will not ask me about either -- we shall see

 

[Bill Sanderson]

Well it's a new day and the solution half-waorked.

The VBS script was allowed, and I didn't have to Ok it this morning. Which
is perfect.

The problem lies with the batch file.

What's going on is this:

The VBS is actually in my startup folder, and it's blocked with the path
"C:\Documents and Settings\techie007\Start
Menu\Programs\Startup\AutoRandomWallpaperChanger.vbs".

The batch file exists in it's own folder, and in the all users' start up
is
just a shortcut to it. So when I navigate to "C:\Documents and
Settings\All
Users\Start Menu\Programs\Startup" and pick the link, WD pulls the target
path and uses it ("C:\KillQT-Real\QT-REALKiller.bat");.

The problem is WD pops up and makes me allow the batch file again this
morning because it thinks it's located at "C:\Documents and Settings\All
Users\Start Menu\Programs\Startup\QT-REALKiller.lnk".

Know what I'm saying?

And since the file browse/select dialog is the only way to add a path, I
can't add "C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\QT-REALKiller.lnk" because it will just pull the
target
path and use it again.

SOOO I think I've come up with a work around for now. I stopped all the
WD
services, opened up regedit and navigated to
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
Defender\Scan\ExcludePaths",
added myself to the write permissions on the key, and then manually added
the
"C:\Documents and Settings\All Users\Start
Menu\Programs\Startup\QT-REALKiller.lnk" path. I then removed myself
from
the write-permission list.

Then I came here and told you what I'm doing. So the next trick is a
reboot and we'll see if the correct path is in WD's list, and then
tomorrow
morning we'll see if it pops up again.

I'll be back in a minute or two to let you know if it at least added the
path to the list according to WD.

Umm -- I got down to where you were telling me about the .lnk and the batch
file, and I was going to say this looks like one of those situations in
which you are going to have to change things to suite the behavior of the
danged monitoring program, and then I read further.....: )

Good luck! I suspect this isn't a solution I am going to recommend widely,
but maybe the team working on the product will read this and think of a
better way to deal with the situation.

I'll look forward to hearing if it works!

 

[Guest]

Umm -- I got down to where you were telling me about the .lnk and the batch
file, and I was going to say this looks like one of those situations in
which you are going to have to change things to suite the behavior of the
danged monitoring program, and then I read further.....: )

Howdy, havn't had time to pop back in and let you know what's up.

It worked like a charm. Hopfully MS will tweak that file selection routine
a little, perhaps automatically include the shortcut path, as well as it's
target.

Peace out...

 

[Bill Sanderson]

Howdy, havn't had time to pop back in and let you know what's up.

It worked like a charm. Hopfully MS will tweak that file selection
routine
a little, perhaps automatically include the shortcut path, as well as it's
target.

Thanks for the report!

 

[Guest]

In regedit (I'm assuming XP) - Edit-->Permissions.

Add your account to the key with write permissions. If it already exists,
add write permission.

I'm not sure if you have to, but you may have to apply the setting to child
objects of ExcluldePaths.

Make sure you note what the previous settings were so you can change it back
(for security reasons) once you've added the path(s) in question.

Hope that helps.

 

[Guest]

Hi,

I'm not sure I could explain it any clearer? I made the changes with
regedit, WD has no control over me, I don't need it's permission. hehehe

If what's typed below (in my quote) doesn't make sence, then I'd have to
suggest that it's probably not a good idea for you to be attempting to edit
your own registry.

techie007

 

[Guest]

The only problem I'm having with it is that when I try to edit they registry
entry, I get an error that says "Cannot edit ExcludePaths. Error writing the
value's new contents." I have administrator priveledges on the computer.
From what I understood from what you wrote ("added myself to the write
permissions on the key"), there is somewhere that I have to change a setting
or a registry entry so that I am able to make changes to the key in the
registry that contains the exclude paths.

So, am I just understanding you wrong, or is there somewhere that I have to
add myself to an "allow" list? And, if not, why am I getting the error
message when I try to edit the key?

Thanks

 

[Guest]

I'll bet you a donut it works.

Thanks for the thanks.

techie007

 

[Guest]

That allowed me to make the change. I'll find out on the next scan if it
totally fixed the problem, but I'm assuming it will since the path is now
listed under general settings.

Thanks for the help. I didn't realize that there was a restriction like
that in there, although now it seems kind of obvious that something like that
would be included.

 

[Guest]

So how did you set Defender to allow you to make changes to the registry?

I am having the same problem, and it was noted that I take a look at your
solution, and it is something I would like to try.

Thanks