Windows 7 Forums

Windows 7: What are "image file execution options" ?

06 Dec 2013   #1
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
What are "image file execution options" ?

I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

What are "Image Executions Debugger" and "Kernel Autoboot" ?

The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have its own running process?

Example usage:

I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.




Attached Thumbnails
What are "image file execution options" ?-ifeo.jpg  
06 Dec 2013   #2
Sir George

Windows 7 Professional x64
 
 

Quote: Originally Posted by Callender
I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

What are "Image Executions Debugger" and "Kernel Autoboot" ?

The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have its own running process?

Example usage:

I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.
Most likely the program is being run in "Services" and can be stopped there. See the following link for more information regarding "Mwsoemon.exe";

How to Deal With Mwsoemon.Exe (Spyware): 5 Steps (with Pictures)

HTH
06 Dec 2013   #3
Alejandro85

Windows 7 Ultimate x64
 
 

When you look at the process list, did you elevate task manager and check "show all processes"? It may be the case that if it's elevated, it doesn't show it.

Another possibility, judging by the "kernel auto boot" thing, is that it uses precisely a kernel-mode driver to monitor every program launched and block it in case you configure that. Since kernel drivers have access to EVERYTHING in the system and are far more powerful than any regular process, it can get the chance to block programs run by any user (regardless of permissions) before they even start doing anything. All that doesn't require a process to happen, since kernel-mode drivers run in the core of the OS itself.

Antiviruses often implement something similar. They hook filesystem and registry access through filters, so that they can read and analyze the data being read/written and then optionally block it altogether if malware is found.

Have a look here: How does a Windows antivirus hook into the file access process? - Stack Overflow. Maybe it's of some help; I'm not sure how relevant it is regarding your particular program, but the techniques discussed may as well be used for your purpose.
06 Dec 2013   #4
DavidE

Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64
 
 

Quote: Originally Posted by Callender
I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

What are "Image Executions Debugger" and "Kernel Autoboot" ?

The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have its own running process?

Example usage:

I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.
What software (program) are you using for this?
06 Dec 2013   #5
Alejandro85

Windows 7 Ultimate x64
 
 

Quote: Originally Posted by Sir George
Most likely the program is being run in "Services" and can be stopped there.
It's another possibility, sure, but services do appear on task manager when it's elevated.
06 Dec 2013   #6
Sir George

Windows 7 Professional x64
 
 

Quote: Originally Posted by DavidW7ncus
Quote: Originally Posted by Callender
I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

What are "Image Executions Debugger" and "Kernel Autoboot" ?

The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have its own running process?

Example usage:

I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.
What software (program) are you using for this?
I am obviously not the OP, but my guess is s/he is referring to "Unchecky" and you can check it out at;

How to Deal With Mwsoemon.Exe (Spyware): 5 Steps (with Pictures)

HTH
06 Dec 2013   #7
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Thanks Sir George but it's not a problem.

Thanks for your input. The file name mswoemon.exe is just one that I'd added to the list of executables to block. I'm just wondering if anyone has an idea of how the software works to block specified executable files when there is no trace of it running anywhere. I understand things like using Group Policy Editor to block programs but that's not what's happening here.
06 Dec 2013   #8
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Thanks for the tips.

Quote: Originally Posted by Alejandro85
When you look at the process list, did you elevate task manager and check "show all processes"? It may be the case that if it's elevated, it doesn't show it.

Another possibility, judging by the "kernel auto boot" thing, is that it uses precisely a kernel-mode driver to monitor every program launched and block it in case you configure that. Since kernel drivers have access to EVERYTHING in the system and are far more powerful than any regular process, it can get the chance to block programs run by any user (regardless of permissions) before they even start doing anything. All that doesn't require a process to happen, since kernel-mode drivers run in the core of the OS itself.

Antiviruses often implement something similar. They hook filesystem and registry access through filters, so that they can read and analyze the data being read/written and then optionally block it altogether if malware is found.

Have a look here: How does a Windows antivirus hook into the file access process? - Stack Overflow. Maybe it's of some help; I'm not sure how relevant it is regarding your particular program, but the techniques discussed may as well be used for your purpose.
Elevated Task Manager doesn't show anything. Your kernel mode driver explanation makes more sense and I'll do some investigating!
06 Dec 2013   #9
Sir George

Windows 7 Professional x64
 
 

Quote: Originally Posted by Callender
Thanks for your input. The file name mswoemon.exe is just one that I'd added to the list of executables to block. I'm just wondering if anyone has an idea of how the software works to block specified executable files when there is no trace of it running anywhere. I understand things like using Group Policy Editor to block programs but that's not what's happening here.
So, we have elevated this to a higher level. Here's another possibility; the registry is sometimes used by software to cloak its location. One example of that is "CryptoPrevent" which will not appear in any other location, but is preventing certain activity.

HTH
06 Dec 2013   #10
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Software used

Quote: Originally Posted by DavidW7ncus
Quote: Originally Posted by Callender
I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

What are "Image Executions Debugger" and "Kernel Autoboot" ?

The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have its own running process?

Example usage:

I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.
What software (program) are you using for this?
I'm using Image Hijacker but I don't really recommend other users to download it as a lot of the published download links are dodgy.

I use it to block toolbar installation and the like and display a message on screen when installation is blocked.


Attached Images
What are "image file execution options" ?-2013-12-07.jpg 
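
Image File Execution Options (IFEO) is a registry key under HKLM in which a subkey named after an executable can hold a `Debugger` value; Windows then starts the program named there in place of that executable, so nothing has to stay running for the redirect to take effect. The PowerShell below is an added example, not part of any post in this thread, that lists those entries for review; the function name `Get-IfeoDebuggerEntry` is an assumption of this example.

```powershell
# Added example, not from the thread. Lists executables whose launch is
# redirected by a "Debugger" value under Image File Execution Options (IFEO).
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Hypothetical helper name; written to also run on the PowerShell 2.0
# that ships with Windows 7.
function Get-IfeoDebuggerEntry {
    param([string[]]$Root = $ifeoRoots)

    foreach ($path in $Root) {
        # The Wow6432Node view exists only on 64-bit Windows.
        if (-not (Test-Path -Path $path)) { continue }

        foreach ($key in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
            # Each subkey is named after an executable file name.
            $debugger = $key.GetValue('Debugger')
            if (-not $debugger) { continue }   # no redirect configured for this name

            New-Object PSObject -Property @{
                Executable  = $key.PSChildName   # file name that is intercepted
                Debugger    = [string]$debugger  # command line started in its place
                RegistryKey = $key.Name          # full key path, for follow-up in regedit
            }
        }
    }
}

$entries = @(Get-IfeoDebuggerEntry)
if ($entries.Count -eq 0) {
    'No IFEO Debugger redirects found.'
} else {
    $entries | Sort-Object Executable |
        Format-Table Executable, Debugger, RegistryKey -AutoSize -Wrap
}
```

Any entry whose `Debugger` value points at a program you did not knowingly configure is worth checking, since the same mechanism that blocks an installer can redirect any executable name.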