2 of 2 people found this helpful
Amy C., can you find out for us what each of those three executables is for and what each of them does?
FWIW, I have all kinds of OEM icons in my notification area ("tray") for controlling video, audio, touchpad, etc., and I never use any of them. I doubt I would miss them if they weren't there, and I doubt that video, audio, etc. performance would suffer in any way. The big difference is that they all start from auto-start extensibility points (ASEPs) that are manageable from whitelisting solutions. So for these Intel executables, if they aren't important for end users, I'd rather not bother going through contortions to create whitelisting rules allow these batch files to execute.
I can fill this out also: It's the same issue however, the batch files being needed after the install of the driver.
Answers (N/A if not applicable)
Provide a detailed description of the issue
Bit9/Carbon black is blocking the Batch file need to be able to disable the batch file
Please place an X to the right of the option showing how often you see this issue using specific steps. (Ex: 'Every few times a game is started it flickers.' <- This would be "Often")
Often (51-99%): x
Very Sporadic (<20%):
Brand and Model of the system.
Lenovo Thinkcenter M10MR-0047US
Hybrid or switchable graphics system?
ie Does it have AMD or NV graphics too?
Make and model of any Displays that are used to see the issue (see note2 below).
LFP = Local Flat Panel (Laptop panel)
EFP = External Flat Panel (Monitor you plug in)
EFP -many models, it's happening over our fleet we have 20 of these deployed now.
How much memory [RAM] in the system (see note2 below).
Provide any other hardware needed to replicate the issue.
ie: Cables&brand, cable type [vga, hdmi, DP, etc], dock, dongles/adapters, etc
It's the graphics driver depending n running this batch file, hardware (other than the graphics) independant
Hardware Stepping (see note1 below).
Operating System version (see note2 below).
Windows 7 Enterprise 64 Bit
VBIOS (video BIOS) version. This can be found in “information page” of CUI (right click on Desktop and select “Graphics Properties”.
Graphics Driver version; for both integrated Intel and 3rd party vendors (see note2 below).
SW or Apps version used to replicate the issue.
Carbon Black/Bit9 installed in Block mode
Single display, clone, or extended (see note2 below).
Single (doesn't matter the displays)
Display resolution & refresh rate setting of each display (see note2 below).
AC or DC mode, i.e. is power cable plugged in or not?
Power plugged in.
How to repro
Please provide steps to replicate the issue. These steps are very crucial to finding the root cause and fix.
A screenshot to illustrate the issue is a huge plus. A video of the failure is even better! Attach to the post or provide the YouTube link.
- Have windows PC with bit9/carbon black installed
- Install new driver
- Block occurs
I've gotten it to stop occurring on some boots by copying the batch files to a trusted directory and then copying them to the location on the C drive (basically approving the file) it will run when the file is present. However it seems if the file is changed (the hash of the file is different therefore unapproved) or not present it still tries to run the missing file and throws up a bit9 block on the non-existing "script." I updated the driver to the newest driver on Intel's site (not Lenovo's site, which we tend to only use Lenovo approved drivers) and it seems to stop on my test workstation. I'm reaching out to some of our users to get it installed tonight and see if that resolution works or not.
Bit9/Carbon black software is pretty good at determining if the script is approved or not based upon it's hash, which it seems if it's an identical copy of the one that's approved it will work, but could be an identical named file but something doesn't match in the hash therefore it doesn't run. I tried manually typing out the file and it didn't match hash and wasn't approved.)
And that somewhat solution was very short lived... It appears to regenerate this file or try to run the file that doesn't exist on the system. I'd love to find out what/where is calling this thing out and either remove it or redirect it to a location that can be trusted. I don't really care about having the icon in the tray or not. I've got this model PC out to about 40 people and they are all complaining DAILY to our helpdesk. When our helpdesk is 2 people that's a lot of complaints that shouldn't need to even happen.
Amy C. - like sohmageek we are also experiencing serious enterprise delays with this issue. Please report back with the solution or a means to disable this batch file ASAP.
On our end - we have hundreds of devices sitting unused waiting on a solution from intel (and we are paying a full time employee to spend his days trying to sort a solution on our own since intel is quite slow in accomodating)
Could you also elevate the priority of my case? I could not see a way to elevate the case on my own. We really do need a solution, it's been almost 2 weeks now.
This message was posted on behalf of Intel Corporation
Thank you for your patience.
Based on our review, this can be considered a false positive on the Anti-Virus or protection software. Our suggestion can be to include igfxEM.exe, IgfxCUIService.exe, igfxHK.exe in the application's white-list, or otherwise report it to the app developer so it gets white-listed by them.
2 of 2 people found this helpful
Missed the point. It's not the executables. It's the batch file that launches them. Whitelisting solutions will normally block a random batch file in a user-writable directory, which is how Intel is launching these executables. Instead of a batch file, Intel should use any of a number of other available means for launching programs at startup, at logon, etc. But not a batch file in a user-writable directory.
This is about whitelisting, too, not about anti-virus software.
Let's try again...
2 of 2 people found this helpful
Great! They are. The batch files aren’t as they kee coming back. I want them to stop. It’s the batch files that are not white listed. It’s not antivirus program it’s whitelisting. Antivirus is blacklisting. Please help with this. Intel is large enough that batch files shouldn’t be the method of running things.
So based on your review you came back with the EXACT SAME RESPONSE that I was given when I opened this case? The exact same response that I rejected and then explained why this answer is incorrect?! That is the answer I am getting after 2 long weeks of waiting?
Did you even bother to read the issue?
TELL ME HOW TO DISABLE THE BATCHFILE. THAT IS THE ANSWER I REQUIRE. We can not and will not white-list a batchfile in a user-writable directory that deletes itself when it is finished. That kind of action screams malware and security will not sign off on something like that which can be easily compromised.
Please elevate this case to someone else that is capable of reading and understanding the issue.
1 of 1 people found this helpful
Amy, I'd be happy to get on a phone call with your engineers to discuss the issue and various ways to resolve it. I work for Microsoft and specialize in the Windows platform -- I can definitely help get the issue taken care of. You or they can reach me by email: aaronmar at microsoft.com.