simplewall.exe - Bad image #611
Comments
Already signalled: #605 |
oh. i see. I thought i was going crazy :) cheers |
I have the same with Oldnewexplorer.dll |
Same thing, just from a different angle. JKL.dll from https://github.com/BladeMight/Mahou/releases pops up. |
same with bonjour\mdnsNSP.dll |
EN: Yes. This is a Windows 10 feature named Mitigation, and this option means modules without M$ signatures cannot be loaded into SW's address space. Here is the solution to not display the Bad Image message: RU: Yes. Windows 10 introduced an option that protects an application's address space from having foreign (non-M$) modules loaded into it. The solution for disabling this message is below. Open PowerShell (as admin) and enter this code: set-ProcessMitigation -Name simplewall.exe -Enable BottomUp,HighEntropy,DisableExtensionPoints,MicrosoftSignedOnly,BlockRemoteImageLoads,BlockLowLabelImageLoads |
Can you please tell us why simplewall would even load these modules when they don't even have to have any network access? I saw this message relating to a DLL from PISMO File Mount, a suite that never makes any network connection. |
I wonder why it only began with the latest release and not before. Mitigation is not a new feature, so you have changed something related to it in the latest version of SW. Edit: Your PowerShell script doesn't prevent the "Bad image" popup. |
PowerShell command didn't have any effect.
Edit: now I removed the mactype program and simplewall isn't even starting and doesn't show up in the taskbar, reinstalled already. |
Since the recent update, Simplewall started showing "Bad image" for many already installed applications. Now I can't get the application window to show even after uninstalling and reinstalling. It's apparently installed but I can't configure it; Process Hacker shows it running as a suspended task. |
Yea. Such a great program but the developer seems quiet about the bug. |
I switched to Netstalker, as the dev is not answering anymore ... |
Downgraded to 3.09, the popup still appears though, so I temporarily uninstalled the offending program to prevent the bad image message. Simplewall seemed to fill a necessary hole in Windows security but now the cons are starting to outweigh the pros. 3.1 appears to be a disaster and the lack of dev feedback is encouraging me to find alternatives. |
to all @Iruberiam @JoeBarouneD @cghub-io @badwhing @ltguillaume @rudolphos
Restart SW to apply changes. And PS script fixed, SW crashed because of StrictHandleCheck. set-ProcessMitigation -Name simplewall.exe -Enable BottomUp,HighEntropy,DisableExtensionPoints,MicrosoftSignedOnly,BlockRemoteImageLoads,BlockLowLabelImageLoads
SW does not load anything not listed in its export; all these Bad Image messages are because of 3rd-party apps that force-inject their DLLs into SW's address space, and SW resists. It's not good! |
For 3.0.9 reset Mitigation policy set by script above: set-ProcessMitigation -Name simplewall.exe -Disable MicrosoftSignedOnly |
Thank you. |
Couldn't you just revert the memory protection changes, instead of giving PowerShell commands that don't work (as for 3.1)? |
Could you please explain what you mean by this? 😃 I'd like to learn what's going on here. What is listed in which "export"?
So, PISMO File Mount, MacType, Bandicam, Oldnewexplorer, VirtualBox etc. all try to inject their DLL into simplewall's address space? It seems like at least some of these have to do with Explorer shell extensions, right? Why would they want to inject into simplewall address space? |
ps: not "export", but "import", although it doesn’t matter.
This question is not under my knowledge. Ask them, "why". |
Thanks for the update to 3.1.1, sadly the issue with 'bad image' is still present. I've also tried the 1st PS script and restarted simplewall. |
@Iruberiam run this: set-ProcessMitigation -Name simplewall.exe -Disable MicrosoftSignedOnly |
That did it, thank you. |
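An added example, not from the simplewall project or any commenter: before toggling `MicrosoftSignedOnly` as discussed above, this elevated PowerShell snippet shows the relevant mitigation flags for simplewall.exe and lists which DLL loads were blocked, so the injecting third-party module can be identified. The helper name `Show-Flags` is hypothetical; the event IDs are assumed from Microsoft's exploit protection documentation (11 = code integrity guard audit, 12 = block).

```powershell
# Added example (not simplewall code). Run in an elevated PowerShell session.
$image = 'simplewall.exe'   # image name used throughout this thread

# Hypothetical helper: reduce a mitigation policy object to the flags
# named in the Set-ProcessMitigation commands posted in this issue.
function Show-Flags($policy, $label) {
    foreach ($p in @($policy | Where-Object { $_ })) {
        [pscustomobject]@{
            Source                  = $label
            MicrosoftSignedOnly     = $p.BinarySignature.MicrosoftSignedOnly
            DisableExtensionPoints  = $p.ExtensionPoint.DisableExtensionPoints
            BlockRemoteImageLoads   = $p.ImageLoad.BlockRemoteImageLoads
            BlockLowLabelImageLoads = $p.ImageLoad.BlockLowLabelImageLoads
            StrictHandle            = $p.StrictHandle.Enable
        }
    }
}

# 1) Settings stored per image name (what Set-ProcessMitigation -Name writes).
Show-Flags (Get-ProcessMitigation -Name $image) 'registry'

# 2) Settings in effect for running instances; these can differ from (1)
#    when a process also applies mitigations to itself at start-up.
Show-Flags (Get-ProcessMitigation -Name $image -RunningProcesses) 'running'

# 3) Which binaries were refused? Assumed IDs: 11 = audit, 12 = block.
$blocked = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Security-Mitigations/Kernel Mode'
        Id      = 11, 12
    } -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match [regex]::Escape($image) }

$blocked | Select-Object TimeCreated, Id, Message | Format-List

# 4) Only after reviewing the list: the change given in this thread.
#    It lets non-Microsoft-signed DLLs load into the process again, so the
#    other flags from (1) are left untouched.
if ($blocked) {
    Set-ProcessMitigation -Name $image -Disable MicrosoftSignedOnly
    Show-Flags (Get-ProcessMitigation -Name $image) 'registry (after)'
}
```

Restart simplewall after step 4 so the new per-image setting is picked up, as noted earlier in the thread.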
Thanks for the latest update.
Before v3.1 everything was fine, but now since the update to 3.1 I am randomly getting the dialog box across many different applications. So far the dialog box comes when I start my computer freshly and have the following programs running in the background:
I am worried now that simpleWall will start generating these popups on other 'dll' files of other programs.