Warning event in System Log for probable Dell Support interface

[Guest]

Hi,
Once the information below is verified Defender needs to be updated.
Defender needs to correctly NOT warn for file C:\WINDOWS\system32\DDMI2.sys
as found in regkey HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SDDMI2. Although I
have not taken the time to contact Dell for verification (hoping MS has a
faster path to someone knowledgeable than I), it appears this software is
part of the Dell Support 3.x system from Gteko Ltd. Other parts are found in
C:\Program Files\WebCyberCoach\

A quick Google shows a bit of confusion about these files by users of
various spyware utilities at times, so Microsoft isn't the first and won't be
the last. Still, I'll breathe easier without false positives.

Thanks,
Rob Cohen

Windows Defender Version: 1.1.1051.0
Engine Version: 1.1.1185.0
Signature Version: 1.13.1276.16

Description:
This program has potentially unwanted behavior.

Advice:
Allow this detected item only if you trust the program or the software
publisher.

Resources:
regkey:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SDDMI2

file:
C:\WINDOWS\system32\DDMI2.sys

Category:
Not Yet Classified



Windows Defender Real-Time Protection agent has detected potential malware.
For more information please see the following:
http://www.microsoft.com
Scan ID: {1F611512-78CF-4120-AD45-8B7E1C52312B}
User: 700M\Robert
Threat Name: Unknown
Threat Id:
Threat Severity:
Threat Category:
Path Found: service:SDDMI2
Threat Classification: Unknown
Detection Type:


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

 

[Bill Sanderson]

Not yet classified items are not brought to the attention of the user by
default--so only relatively "techie" users will see either the log message
or an alert related to it.

I'm not clear on what processes can get this item shifted to
known--certainly spynet voting, but Dell should also be able to do that.

 

[Guest]

The Dell support computer check is a very intrusive program in that it
examines deeply into your PC. It's not just Defender reacting. My event
viewer is full of all kinds of other warnings whenever I run Dell computer
checkup. But, like your alert stated: allow it if you trust the program or
the software. Apparently whether you trust Dell or not, Windows feels
invaded!

 

[Guest]

Thank you to Bill and Rebel for the info. I just wish (and thought that)
Microsoft was monitoring these discussions and would pick up this issue.
Dell sells a lot of computers with Microsoft-ware included. It's of mutual
interest that they cooperate.

I'm not going to try to explain the issue to their phone support people.
They seem more focused on 'fix it now' issues than information like this. I
have a long boring story about the last time I offered them useful info via
email but I won't digress.

rob

 

[Bill Sanderson]

Microsoft does read what goes on here--I'm sure this'll get fixed over
time--but I suspect it'll take longer than either of us would wish.

--