Reversing 'allowed' item

  • Thread starter: Guest

I granted access to a file called C:\WINDOWS\system32\DDMI2.sys, and
everything I've read about it makes me feel that I should disallow this. When
I look in History, it shows that the file was allowed, but I don't know how
to reverse this. Nothing shows up in relation to this file in the 'Allowed
Items'. How can I change the Action to be taken on this file?
 
It is explained at the screen 'Allowed items'. If you remove an item from the
list, Windows Defender will start monitoring it again.
 
Hi. There is no mention of this file in the 'Allowed Items' section - it is
blank.

In the History section it shows
Name - Unknown
Alert level - Unknown
Action Taken - Allow
Date - 01/03/2006 17.54
Status - Succeeded

Description:
This program has potentially unwanted behavior.

Advice:
Allow this detected item only if you trust the program or the software
publisher.

Resources:
driver:
SDDMI2

file:
C:\WINDOWS\system32\DDMI2.sys

Category:
Not Yet Classified

So, am I stuck with it, or was it given access only once? And can I do
something to stop it?

Thanks
 
I read your post and it made me start looking at my Defender history. The
things that I have allowed from balloon messages from the system tray for
Defender do not show up in "allowed" and there seems to be no way to change
that to block. Apparently, only items that you allow during a scan show up in
the "allow" screen. This seems to be a problem. What if you allow something
and then change your mind? This is either a bug in Defender or we do not
know how to configure it properly. I hope someone from Microsoft sees this
thread and comments. Also, what is that file: DDMI2.sys? I have it on my
computer also. Is it part of a Dell support system? Do you have any
information you could share about that file?
 
I saw that Dell forum thread when I was searching for info. Gteko Ltd. makes
the Dell Support program that runs in my system tray. I assume you have a
Dell? I wonder if this strange sys file gets activated when Dell support
establishes remote assistance with your PC? Or maybe it gets activated if
Dell support needs to download new drivers??? Many questions, no answers.
What happened to make you notice it in the first place when you told Defender
to "allow" it?
 
Yes, I have a Dell comp. Defender asked me what to do with this file (I don't
remember what caused the file to appear), and as I realised that it was
connected to Gteko and the association with Dell, I felt I could trust it -
oops! But I don't think it is a major problem, but now I would just like to
be able to decide whether to accept it or not next time.
 
Yeah! It seems like you should have the choice to change your mind. If you
figure out what caused that file to become active, post it here. I am very
curious what its function is.
 
Hi all,

Unfortunately, WD doesn't support going back and revisiting allow actions
for all unknown software. However, if we analyze the software and decide it
should be detected, it can be revisited after a scan.

You can use software explorers to manage some types of unknowns; however,
drivers are pretty dangerous to remove if you don't know what they're doing.
We really don't want to cause blue screens...but I'll enter a bug in our DB
anyway. :)

Could you please submit these files to us for analysis? Please follow the
link in the help.

Thanks!

Joe
 
I spoke to my software supplier - Dell. They are not sure about this file.
They told me to go to the Gteko website. I emailed Gteko 2 days ago to ask
about this file - still waiting for an answer. Will let you know when I hear
something. I am concerned about deleting this file as it is in System 32. It
has never been detected as a virus - checked with AVG and
Housecall.trendmicro. So, at this stage, fingers crossed!
 
I had AVG test the files out - in an encrypted Zip file. They said the files
were clean and that they are part of a driver, but not to delete!
 