Windows Defender (on Win 10) breaking System Restore - windows

When I do a system restore in Windows 10 1607 (Anniversary Update), I get this error:
Based on the error, it looks like Windows Defender isn't playing well with System restore -- and lo and behold, when I disable Windows Defender, the System Restore works!
However, I don't have the option to remove Windows Defender -- the clients don't want that.
This is not an uncommon problem, and there are a few solutions out there.
Here's what I've tried:
(1)
The error says "System Restore could not access a file." Maybe the problem is that a file is corrupted? Windows Defender touches every file (I think), and maybe when it touches the corrupted file, it passes out like a scared goat.
So I ran the utility "System File Checker", but it didn't find any corrupted files. Can I trust the utility?
(2)
Success with this problem was found by turning off something called App & Browser control. The problem here is that I can't do that, because that's in the Defender Security Center, which isn't on the Anniversary Update (1607), it's on the Creator's Update (1709).
It seems that Windows Defender isn't nearly as configurable in 1607 as in 1709, and clients also don't want to update to 1709. OUCH. Am I missing a Windows Defender configuration that allows System Restore in 1607? I see that you can get it to not touch certain files or folders, but I don't know what file/folder System Restore would be in, as it's not really a file.
(3)
Write a script that temporarily disables Windows Defender. I actually haven't tried this because I'm not sure where to start. I would insert the script into my program, which is in C#. It would go like this:
turn off Windows Defender
run the code that does the restore point, and after it's done and the machine is restarted,
turn Windows Defender back on.
After all that, here are some specific questions:
(1) how to write a script that toggles Windows Defender
(2) is there a way to configure Windows Defender in 1607 such that it allows System Restore to work?
(3) any other ideas would be appreciated.

Related

Upgrading TortoiseGit - Close Windows Explorer

There is a hotfix version of Tortoise Git and my PC refuses to install it. It keeps saying Windows Explorer is running, even when it is not showing the Task Manager.
Is there any other way I can get this upgrade to install?
Update
I decided to start Windows 10 in Safe Mode so we can be sure that nothing is running. Yet it still would not perform the upgrade (with Administrator privileges):
I used Task Manager and I could not see gitdll.dll in the list of running processes.
1. Download hotfixes
2. Restart Windows (don't open any apps after restart)
3. Run Task Manager (from Windows bar)
4. Run hotfix from menu of Task Manager -- File -- Run new task
I have the same issue; I solved it by running:
listdlls64 -d "c:\Program Files\TortoiseGit\bin\gitdll.dll"
and used task manager to manually kill all processes that were using the dll, including explorer.exe. This seems entirely unnecessary but it's what worked for me.
Why so many processes (including LogonUI.exe, OpenWith.exe, splwow64.exe, etc.) are attached to gitdll.dll is unknown, and seems like an issue that can be solved. We know that explorer uses that dll, but you would think the installer/updater would expect that and be able to work around it.
In 2.10.x hotfixes there was a bug in the hotfix updater which was unable to offer a restart for replacing gitdll.dll during a restart cycle. A failure to replace this file caused lots of crashes (cf. https://tortoisegit.org/issue/3599).
Please download the full installer for TortoiseGit and install it (https://tortoisegit.org/download/; there might be a warning regarding a possible downgrade, this can be ignored).
Generally
The .MSI installer and newer hotfixes offer two options when installing:
Try to restart open processes - this might fail as described in https://stackoverflow.com/a/61026137/3906760 based on some third-party software.
Requiring no closing/restart of open programs but replacing the file on reboot. This should work in any case because the file is replaced before starting any programs using it.
I tried both types of installer:
Hotfix
Full
And both were refusing to work. It then occurred to me that all the icons were flashing on my desktop and it was stuck. This was consistent behaviour.
So I decided to switch off my Stardock Fences:
Right-click Desktop and select Configure Fences:
Scroll-down to the bottom of the pop-up window and un-tick Enable Fences:
Close the window.
Now I was able to install the hot-fix. Interestingly the installer was only complaining about the Windows Explorer still running and did not list Fences.
I hope this helps any others who have struggles upgrading TortoiseGit.
I have successfully installed by disabling AVIR and allowing the installer to close as much as it wants.

Why does the setup for my ActiveX .exe hang up when "Setup is updating your system"?

I am currently trying to install my vb6 app on a Windows 8.1 computer via TeamViewer (it's kind of like remote desktop). However, the installation always hangs up after all the files are copied and this message is displayed:
Setup is updating your system
We've tried it on our own Win8.1Pro desktop (via Remote Desktop this time) and Win2008Server(both via Remote Desktop), and it installed just fine.
Right now, we've narrowed it down to one culprit - MyProjectInfo.exe the actual ActiveX .exe. Whether it is me trying to run the .exe for the first time to register it to DCOMCNFG or whether it is the setup.exe running the script $(EXESelfRegister) it just freezes up.
What differences should I look for between 1) our win8.1Pro and win2008server and 2) their win8.1? If it is some coding/reference/dependency issue, what could be the cause for why it doesn't error in our desktops?
Thank you for all the help.
Uhmm... this is getting embarrassing.
Avast (present in the other person's Win8.1) was blocking MyProjectInfo.exe from running (which is basically what it does with $(EXESelfRegister)).
To properly proceed with registering my ActiveEXE program, I had to turn Avast off for a while. And that was that.
This problem may also occur with other anti-virus scanners as well.

RunDll32.exe missing WinXp

I have looked everywhere for a download for the .exe, I have tried the fix.reg solution, and I have tried clicking Run and expanding the ex_ file into the .exe, but any time I click something I am met with this error: "Windows cannot access the specified device, path, or file". It also says I may not have access to the item. I am the only user/admin and this is a fresh install of the Windows XP black edition.
I can't even use CMD. Surely there has to be a fairly simple solution? Right? I have the RunDll32.ex_, I just don't have permission to run anything like CMD to expand it. Can I simply use a .exe from another computer running the same OS?
It seems you have a big problem on the registry or a broken file system.
As you said you could use a rundll32.exe from another computer with the same version of OS. Check the Service Pack installed in your Windows XP and the other computer.
You could try to copy the DLL to a pendrive from the other computer to yours.
If you cannot copy the new DLL you would need to start Windows in Safe Mode (press F8 before Windows starts and select Boot in Safe Mode on the black text menu), because Windows protects all the files in c:\Windows\ and c:\windows\system32.
If Safe Mode doesn't work, the next try should be to use a Windows Live CD. Hiren's Boot has a mini Windows XP embedded.
http://www.hirensbootcd.org/
You need to download the ISO, burn it and boot the computer with it. Run the mini Windows XP and, when you see the desktop, run Windows Explorer and copy the DLL from the pendrive to your fixed hard disk. Take care, because your hard disk should not be the C: drive (that should be the mini Windows XP partition); look in the other drive units for your data.

Editing registry key to force shutdown from a remote system

I have a little network of a couple of machines at home, and I need to shut them down at a certain hour.
I found out that Windows 7 from Pro upwards offers a graphical Security Policies editor, where it's possible to allow the remote shutdown, but apart from mine, the other PCs have just Home Premium, which doesn't have the editor.
I found out that the key is editable without the need of the editor, but how, and where do I find it?
Or, are there any other ways? Thanks for the help.
I have never done what you are trying to do in regards to remote shutdown, but here is some information that may be useful:
Are you using the group policy editor for Windows 7 Pro? I believe that's gpedit.msc, right? Back in the day it used to be that you could use regmon (a Sysinternals program) to monitor registry keys that are changed, but it looks like Microsoft bought out Sysinternals and then retired Regmon. However, I believe they moved the functionality to Process Explorer (edit: turns out it's Process Monitor):
Monitor: http://technet.microsoft.com/en-us/sysinternals/bb896645
Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653
On your Windows 7 Pro machine, run Process Monitor and set it up to monitor registry changes for gpedit.msc. Then change the setting using the program. Once you have the key you can document it or export it using regedit. I'm not sure how you plan on changing the registry key remotely, though.

Emacs on Windows 7 saving files to VirtualStore directory

I've recently installed ClojureBox on a Windows 7 machine after using it on a different, XP machine for a while. When I created and saved a file, it wasn't being saved where I expected, but to the \Users\xxxx\AppData\Local\VirtualStore directory. This happened as long as I wasn't running emacs as the local administrator.
A Google search returned only a couple of hits, and with nothing I could really apply other than to run emacs as a local admin.
Any other way to get around this? Is there a windows setting, or something I could configure in emacs?
Thanks.
You can right-click Emacs and "run as Administrator" which I expect will get annoying quickly. Further, if you launch other apps from inside it you might be misled about the behaviour of those apps under normal circumstances. A better approach would be to save your files somewhere other than under Program Files or the root of C, thus avoiding virtualization.
