What are "image file execution options" ?

Page 1 of 2 12 LastLast

  1. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
       #1

    What are "image file execution options" ?


    I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

    What are "Image Executions Debugger" and "Kernel Autoboot" ?

    The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have it's own running process?

    Example usage:

    I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

    An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.
    Attached Thumbnails Attached Thumbnails What are "image file execution options" ?-ifeo.jpg  
      My Computer


  2. Posts : 1,346
    Windows 7 Professional x64
       #2

    Callender said:
    I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

    What are "Image Executions Debugger" and "Kernel Autoboot" ?

    The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have it's own running process?

    Example usage:

    I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

    An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.
    Most likely the program is being run in "Services" and can be stopped there. See the following link for more information regarding "Mwsoemon.exe";

    How to Deal With Mwsoemon.Exe (Spyware): 5 Steps (with Pictures))

    HTH
    Last edited by Sir George; 06 Dec 2013 at 19:52. Reason: Typo
      My Computer


  3. Posts : 2,464
    Windows 7 Ultimate x64
       #3

    When you look at the process list, did you elevate task manager and checked "show all processes"? It may be the case that if it's elevated, it doesn't shows it.

    Another possibility, judging by the "kernel auto boot" thing, is that it uses precisely a kernel-mode driver to monitor every program launched and block it in case you configure that. Since kernel drivers have access to EVERYTHING in the system and are far more powerful than any regular process, it can get the chance to block programs ran by any user (regardless of permissions) before they even start doing anything. All that don't requires a process to happen, since kernel-mode drivers run in the core of the OS itself.

    Antiviruses often implement something similar. They hook filesystem and registry access though filters, so that they can read and analyze the data being read/written and then optionally block it altogether if malware is found.

    Have a look here: How does a Windows antivirus hook into the file access process? - Stack Overflow. Maybe it's of some help, I'm not sure how relevant is regarding your particular program, but the techniques discussed may be as well used for your purpose.
      My Computer


  4. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #4

    Callender said:
    I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

    What are "Image Executions Debugger" and "Kernel Autoboot" ?

    The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have it's own running process?

    Example usage:

    I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

    An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.
    What software (program) are you using for this?
      My Computer


  5. Posts : 2,464
    Windows 7 Ultimate x64
       #5

    Sir George said:
    Most likely the program is being run in "Services" and can be stopped there.
    It's another possibility, sure, but services do appear on task manager when it's elevated.
      My Computer


  6. Posts : 1,346
    Windows 7 Professional x64
       #6

    DavidW7ncus said:
    Callender said:
    I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

    What are "Image Executions Debugger" and "Kernel Autoboot" ?

    The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have it's own running process?

    Example usage:

    I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

    An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.
    What software (program) are you using for this?
    I am obviously not the OP, but my guess is s/he is referring to "Unchecky" and you can check it out at;

    How to Deal With Mwsoemon.Exe (Spyware): 5 Steps (with Pictures))

    HTH
      My Computer


  7. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #7

    Thanks Sir George but it's not a problem.


    Thanks for your input. The file name mswoemon.exe is just one that I'd added to the list of executables to block. I'm just wondering if anyone has an idea of how the software works to block specified executable files when there is no trace of it running anywhere. I understand things like using Group Policy Editor to block programs but that's not what's happening here.
      My Computer


  8. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #8

    Thanks for the tips.


    Alejandro85 said:
    When you look at the process list, did you elevate task manager and checked "show all processes"? It may be the case that if it's elevated, it doesn't shows it.

    Another possibility, judging by the "kernel auto boot" thing, is that it uses precisely a kernel-mode driver to monitor every program launched and block it in case you configure that. Since kernel drivers have access to EVERYTHING in the system and are far more powerful than any regular process, it can get the chance to block programs ran by any user (regardless of permissions) before they even start doing anything. All that don't requires a process to happen, since kernel-mode drivers run in the core of the OS itself.

    Antiviruses often implement something similar. They hook filesystem and registry access though filters, so that they can read and analyze the data being read/written and then optionally block it altogether if malware is found.

    Have a look here: How does a Windows antivirus hook into the file access process? - Stack Overflow. Maybe it's of some help, I'm not sure how relevant is regarding your particular program, but the techniques discussed may be as well used for your purpose.
    Elevated Task Manager doesn't show anything. Your kernel mode driver explanation makes more sense and I'll do some investigating!
      My Computer


  9. Posts : 1,346
    Windows 7 Professional x64
       #9

    Callender said:
    Thanks for your input. The file name mswoemon.exe is just one that I'd added to the list of executables to block. I'm just wondering if anyone has an idea of how the software works to block specified executable files when there is no trace of it running anywhere. I understand things like using Group Policy Editor to block programs but that's not what's happening here.
    So, we have elevated this to a higher level.:) Here's another possibility; the registry is sometimes used by software to cloak its location. One example of that is "CryptoPrevent" which will not appear in any other location, but is preventing certain activity.

    HTH
      My Computer


  10. Posts : 4,776
    Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
    Thread Starter
       #10

    Software used


    DavidW7ncus said:
    Callender said:
    I have software installed that prevents certain executable files from running if the file names are manually added to the block list. I'm actually struggling to understand how this works. I've done some digging about and I see entries listed as shown in the screenshot:

    What are "Image Executions Debugger" and "Kernel Autoboot" ?

    The software has no running process and doesn't appear in Task Manager so I'm trying to understand how it works. How does it block processes when it doesn't appear to have it's own running process?

    Example usage:

    I often install free software and then either keep it if I find it of use or remove it otherwise. It seems that a few times per year I'll end up installing some unwanted toolbar or PUP that has been bundled with a program's installer. So I've tried a few methods to block installation of unwanted toolbars when installing such software.

    An example might be Photofiltre - it installs Ask Toolbar with no chance to opt out of the installation (last time I checked anyway) but using the software that I'm trying out results in the program installing cleanly without the toolbar.
    What software (program) are you using for this?
    I'm using Image Hijacker but I don't really recommend other users to download it as a lot of the published download links are dodgy

    I use it to block toolbar installation and the like and display a message on screen when installation is blocked.
    Attached Thumbnails Attached Thumbnails What are "image file execution options" ?-2013-12-07.jpg  
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 22:31.
Find Us