From: Mr. Taco on
For anyone who cares, the error below is a Windows Defender Event ID
3004 notification. If this is followed by an Event ID 3005 and the action
is set to ignore, then WD has NOT blocked the app.

<Message>

Windows Defender Real-Time Protection agent has taken action to protect
this machine from spyware or other potentially unwanted software.
For more information please see the following:
Not Applicable
Scan ID: {08XXX7EX-XBXX-4X6X-XXXX-X6XXXXXXXXXX}
User: XXXXXX-XXXXXXXXX\XXXXXX
Name: Unknown
ID:
Severity ID:
Category ID:
Alert Type: Unclassified software
Action: Ignore

</Message>

Essentially, it evaluated the application and took action - ignore.


For those of you looking for a good tutorial on a threading Windows
service, look here:

http://www.devcity.net/Articles/190/1/article.aspx


Ultimately, rebuilding the service from scratch, using the above article
to create the structure, gave me a working service.

-T



Mr. Taco wrote:
> I wrote a fairly simple windows service that checks a website and
> returns the status, emails me if the site is down. Works fine in XP (of
> course), but windows defender in vista labels it as "Alert Type:
> Unclassified software" and "takes action against it".
>
> I've modified the app manifest to require admin, highest avail and
> invoker, but it's not helping anything. In my travels, I glossed over
> some idea where I would have to start the service with a "runas" - I
> have no idea what that is or where to begin with that.
>
> I've been using the VS command line and the installutil to install the
> service for testing.
>
> Anyway, if someone could tell me what the best practice is to deploy a
> windows service on vista, I would appreciate it.
>
>
> Thanks,
>
> taco
>
>
>
> Event Viewer:
>
> Windows Defender Real-Time Protection agent has detected changes.
> Microsoft recommends you analyze the software that made these changes
> for potential risks. You can use information about how these programs
> operate to choose whether to allow them to run or remove them from your
> computer. Allow changes only if you trust the program or the software
> publisher. Windows Defender can't undo changes that you allow.
> For more information please see the following:
> Not Applicable
> Scan ID: {6B2DCXXX-5E56-4577-869F-CXXXXXXXXXXX}
> User: XXXXX-XXXXX\XXXXX
> Name: Unknown
> ID:
> Severity ID:
> Category ID:
> Path Found:
> process:pid:2592;service:WWWCheck;file:C:\Users\XXXXXXX\Desktop\serviceApp\WWWCheck\bin\Debug\WWWCheck.exe
> Alert Type: Unclassified software
> Detection Type:
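
The 3004/3005 check described in the post above, as an added example that is not part of the original thread: it parses exported event messages and reports whether each 3004 detection was followed by a 3005 with `Action: Ignore`. It assumes the events are available as `(event_id, message)` pairs in log order and that the `Action` field is in the 3005 message; the function names and the sample messages are constructed for illustration.

```python
import re

KEYS = ("Scan ID", "User", "Name", "ID", "Severity ID", "Category ID",
        "Path Found", "Alert Type", "Detection Type", "Action")
FIELD = re.compile(r"^(%s):\s*(.*)$" % "|".join(KEYS))

def parse_message(text):
    # Split a Defender event message into its "Key: value" fields.
    fields, last = {}, None
    for line in map(str.strip, text.splitlines()):
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = m.group(2)
        elif line and last and not fields[last]:
            fields[last] = line  # value wrapped onto the next line
    return fields

def classify(events):
    # events: (event_id, message) pairs in log order.
    results = []
    for i, (event_id, text) in enumerate(events):
        if event_id != 3004:
            continue
        path = parse_message(text).get("Path Found", "")
        nxt = events[i + 1] if i + 1 < len(events) else (None, "")
        if nxt[0] == 3005:
            action = parse_message(nxt[1]).get("Action", "")
            verdict = "not blocked" if action.lower() == "ignore" else "action: " + action
        else:
            verdict = "no 3005 follow-up"
        results.append((path, verdict))
    return results

# Constructed sample messages modelled on the ones quoted in this thread.
DETECT_A = r"""Windows Defender Real-Time Protection agent has detected changes.
Name: Unknown
Path Found:
process:pid:2592;service:WWWCheck;file:C:\svc\WWWCheck.exe
Alert Type: Unclassified software
Detection Type:"""
ACTION_A = "Name: Unknown\nAlert Type: Unclassified software\nAction: Ignore"
DETECT_B = r"Path Found: process:pid:3100;service:OtherSvc;file:C:\svc\OtherSvc.exe"
SAMPLE = [(3004, DETECT_A), (3005, ACTION_A), (3004, DETECT_B)]

if __name__ == "__main__":
    for path, verdict in classify(SAMPLE):
        print(verdict, "|", path)
```

A detection with no 3005 after it is reported separately rather than treated as blocked or allowed, since the post only describes the Ignore case.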
From: Nobody on
Some security and AV programs skip digitally signed executables, so try to
sign your files.