Sign in to follow this  
Followers 0

Continuous Security Popup

12 posts in this topic

Posted

On one of my Windows machines, I'm running Win 8.1.  A security popup keeps showing up and I can't tell what triggers it.  It's as follows:

 

Program Name = Networks

Publisher = Unknown

Location = Hard Drive/Disk

 

No matter if I click on allow/yes or deny/no, it keeps coming back.  I don't know what program it belongs to or whats happening. Lol

 

Can someone here help me?

Share this post


Link to post
Share on other sites

Posted

Can you grab a screenshot?

Can you narrow it down to a process or startup entry in Task manager?

Does it continue to show up if you create a new user account and log in there, or in Safe Mode?

Share this post


Link to post
Share on other sites

Posted

as zhangm mentioned - a screenshot would be really helpful -
and a screenshot of taskmanager too maybe

Need to find out if it is your AV software, something from windows, or a 3rd party app bug.

Also, are you on a network with other computers ?
Part of a domain ?

The more info, the faster we can help you

Share this post


Link to post
Share on other sites

Posted

Do you have your account set up as a domain account and also attached to a Microsoft account?

Share this post


Link to post
Share on other sites

Posted

Can you grab a screenshot?

Can you narrow it down to a process or startup entry in Task manager?

Does it continue to show up if you create a new user account and log in there, or in Safe Mode?

I'll take the screenshots and post them.  I'm just starting the work-week so it might take me a little bit as I have to wait until I see the popup again.  I haven't done a new user account nor safe mode.  I can't remember how to get to safe mode for Win8. Lol.  It's been a while.

 

Do you have your account set up as a domain account and also attached to a Microsoft account?

It is attached to a Microsoft Account.

Share this post


Link to post
Share on other sites

Posted

I'll take the screenshots and post them.  I'm just starting the work-week so it might take me a little bit as I have to wait until I see the popup again.  I haven't done a new user account nor safe mode.  I can't remember how to get to safe mode for Win8. Lol.  It's been a while.

 

It is attached to a Microsoft Account.

there are a few ways to get to safe mode now

 

1. hold shift while the machine is powering on

2. hold shift and press restart from the charms menu

3. go to the recovery options in the metro control panel. there should be an option to reboot into adv options

Share this post


Link to post
Share on other sites

Posted

Ignore this post and look at my last post, the last post method works MUCH better.

Share this post


Link to post
Share on other sites

Posted

there are a few ways to get to safe mode now

 

1. hold shift while the machine is powering on

2. hold shift and press restart from the charms menu

3. go to the recovery options in the metro control panel. there should be an option to reboot into adv options

 

Or:

 

Use an admin-level cmd and enter to enable old F8: bcdedit /set bootmenupolicy legacy

 

and change legacy with standard to disable old boot legacy menu.

Share this post


Link to post
Share on other sites

Posted

Ok i'm still looking into this.

 

I tried a program called

 

Process Monitor

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

 

It appears when ever UAC is called into action consent.exe runs. So I tried it with notepad and got ...

 

11:10:44.8360814 AM    consent.exe    12136    QueryStandardInformationFile    C:\Windows\System32\notepad.exe    SUCCESS    AllocationSize: 221,184, EndOfFile: 217,600, NumberOfLinks: 4, DeletePending: False, Directory: False

 

When just running it without admin it didn't show up at all

 

So I right clicked that entry and told it to just include that.  Also added a filter for consent.exe. Also add a filter for

 

Path / Ends with / .exe / include.

 

14167540532_fbbd631de8_b.jpg

 

Once you click accept on the UAC a single exe file should show up.

 

Then as a test, I ran CMD as admin and saw this ...Ta Da!

 

13983604767_3bd7cb2daf_b.jpg

Share this post


Link to post
Share on other sites

Posted

Ok i'm still looking into this.

 

I tried a program called

 

Process Monitor

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

 

It appears when ever UAC is called into action consent.exe runs. So I tried it with notepad and got ...

 

11:10:44.8360814 AM    consent.exe    12136    QueryStandardInformationFile    C:\Windows\System32\notepad.exe    SUCCESS    AllocationSize: 221,184, EndOfFile: 217,600, NumberOfLinks: 4, DeletePending: False, Directory: False

 

When just running it without admin it didn't show up at all

 

So I right clicked that entry and told it to just include that.  Also added a filter for consent.exe. Also add a filter for

 

Path / Ends with / .exe / include.

 

14167540532_fbbd631de8_b.jpg

 

Once you click accept on the UAC a single exe file should show up.

 

Then as a test, I ran CMD as admin and saw this ...Ta Da!

 

13983604767_3bd7cb2daf_b.jpg

Ok, I'll give this a shot the next time it happens.  I haven't been able to do anything yet.  Work has been super busy and when I'm home, it hadn't happened.  I'll try and get it to happen tomorrow. Lol.  Thanks for your help.  I'll post back as soon as I have more information with what you suggested. 

there are a few ways to get to safe mode now

 

1. hold shift while the machine is powering on

2. hold shift and press restart from the charms menu

3. go to the recovery options in the metro control panel. there should be an option to reboot into adv options

Thanks for that.  I'll note it down.  =)

Share this post


Link to post
Share on other sites

Posted

Apparently, it looks like it was the Panda AV software I was using on the machine.  I could not tell which aspect of the AV software it was.  It hasn't popped up since I uninstalled the software.

Share this post


Link to post
Share on other sites

Posted

Just a quick follow up.  The popup in question still has not come since uninstalling Panda.  So, I'm confident that everything is good now.  Thanks again everyone for your help.  It's appreciated.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.