News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • App blocked by Windows

    Home » Forums » AskWoody support » Windows » App blocked by Windows

    • This topic has 8 replies, 4 voices, and was last updated anonymous.
    Author
    Topic
    #2398316

    I have Windows 10, Home, Version 20H2. Recently, when I log in I get a message that an application was blocked. I have Ransomware Protection on and I assume that is where this message is coming from. When I go to Ransomware Protection and click on Block History I get the attached Protection History dialog with the time of my log in. When I drill down I get the attached dialog which seems to imply that Windows Security is the app that has been blocked. Does anyone know what is going on here? I am hesitant to go on and allow access even though drilling down further says the security certificate is valid for Microsoft.

     

    Thanks for any help

    Viewing 5 reply threads
    Author
    Replies
    • #2398329

      What is: CLSID: {6CED0DAA-4CDE-49C9-BA3A-AE163DC3D7AF} – General Security (bleepingcomputer.com)  As I understand it, that’s security wanting to have access to your registry.   To be safe I would run an offline security scan on the system.

      Susan Bradley Patch Lady

    • #2398364

      Thanks for the reply Susan. I ran a Windows Defender Offline Scan. It didn’t seem to report any problems although it may be I don’t know where to see the report. Anyway I got the same error notification when I signed in. I tried sfc /scannow but it didn’t report any error. This time though I did manage to capture the initial error notification. Looks like I can’t post another picture in a reply here, but the message is:

      Virus & threat protection. Unauthorized changes blocked. Controlled folder access blocked C:\Windows\…\svchost.exe making changes to memory.

      Thanks again for any help you can provide.

    • #2398489

      Microsoft also has a stand-alone off-line scanner available:

      Microsoft Safety Scanner

      Note: This tool is updated regularly. Always download the latest version before use.

      I think Susan is right, but better safe than sorry. The CLSID indicates this MAY be Defender Shield Broker requesting elevated privileges to make changes.

      Strontic xCyclopedia

      When it prompts for permission to make changes (OP scn 2), click the link for the “publisher’s certificate” and verify that things look OK.

    • #2400870

      I have an update on this issue. I successfully resolved it (got the Unauthorized changes blocked message to stop) by restoring a full disk image backup from before the message began and then restoring my data files from a current backup. All was well for several days until I allowed the two Microsoft updates below to install, one of which triggered the message again:

      1) 2021-09 Update for Windows 10 Version 20H2 for x64 based Systems (KB4023057), which when clicked on said: KB4023057: Update for Windows Update Service components

      2) Security Intelligence Update for Microsoft Defender Antivirus – KB2267062 (Version 1.353.743.0), which when clicked on said: Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware.

      I am assuming (hoping) that since the message was triggered by a Microsoft update, it is innocuous and that I can unblock the change, but I will wait for the experts here to confirm that opinion before I do.

      Thanks again for the help.
      Ivan Hipschman

    • #2400872

      My mistake. I did not look carefully enough at the new message. The program being blocked this time is not svchost.exe but C:\Windows\Sy…\VSSVC.exe. What is going on here?

      • #2402534

        I’m having similar issues to yours, I got hit with these messages about svchost, vssvc, winword, etc. after installing windows updates. Have you found out any new info on this issue? It’s got me worried.

      • #2402746

        I have had very similar issues as you with nearly identical files since late October, and I have NEVER had KB4023057 installed on either one of my computers.

        Since you say it started happening right after you installed a Defender definition update, I’m thinking that it’s the definition update that’s causing this for quite a few of us, since I have the same problem but I don’t have KB4023057 installed. I’ve posted in another thread as well, describing what I’ve done so far. The thread’s name is “Controlled Folder Access issue“, and folk there have had nearly identical issues to those that you have reported here.

    • #2402774

      I wish I could be more help. Over a period of about two weeks I successively got messages saying svchost.exe, VSSVC.exe and vds.exe were being blocked. I searched the Internet and found a number of references to the issue, but no one seem to know whether it was a virus or just Microsoft’s Controlled Folder Access being overly aggressive. As I mentioned in a previous post, I tried restoring a full disk image backup from before the messages began and it seemed to help for a couple of days, but the messages came back. I assume that they came back after Microsoft had performed an update but I can’t prove that.

      Since I wasn’t sure I decided to take the safer route to ignore the messages and not give the programs access. After about two weeks the messages stopped happening. Maybe Microsoft has resolved the problem. If anyone else has insight into this I would certainly be curious.

    Viewing 5 reply threads
    Reply To: App blocked by Windows

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.