Process explorer won't work within profile

[computerdoc]

A user has Dell Laptop running Windows 7 Professional and had some speed issues. I tried to run Process Explorer and it wouldn't start. It had run successfully on this machine previously.

I checked in Google and didn't find anything dealing with this.

I created a new user and it ran fine within that profile. I created another new user to fix the original profile and just copying the original info in the user directory from old profile to new profile didn't really emulate the original profile closely enough. I copied more of the profile data using Beyond Compare synch.

The new profile seems to have the functionality of the original profile (which I didn't delete) but the desktop icons are not set up in the same way and some of the options like single click activation didn't come over. However, process explorer works in the new profile

I can run process explorer in another small user profile which would also indicate what's happening in the main profile so the questiion is should I push to totally replace the old profile or just use the other user for process explorer stuff.

 

[nlinecomputers]

You've got some group policy in place to prevent it from running. Run Tweaking.com AIO repair tool on it.

 

[computerdoc]

The process explorer tasks appear in task manager so it is not being stopped from starting.

I ran tweaking.com first seven repairs and also remove policies set by infections and other possibly related items and it did not fix the problem.

 

[ell]

I had trouble with this with my win 8.1 machine, found it only worked if I ran it as admin. Try pasting this in a elevated cmd prompt:

\\live.sysinternals.com\tools\procexp.exe

 

[computerdoc]

When I try \\live.sysinternals.com\tools\procexp.exe in an elevated command prompt I get the network path was not found

 

[Markverhyden]

When I try \\live.sysinternals.com\tools\procexp.exe in an elevated command prompt I get the network path was not found

What happens when you try other commands under elevated CLI. Can you ping an IP? If yes how about an FQDN? Can you initiate an ftp session? Try verhyden.org, you should get a username response. When you open an elevated CLI where are you? In the user profile or somewhere else. Type in

echo %cd%

and that will tell you where you are. And your description has many of the classic symptoms of a possible malware issue. Of course it could also just be a hosed user profile. Here is a link to reset GP. http://www.sevenforums.com/tutorials/214461-local-group-policy-reset-default.html

 

[computerdoc]

I can ping google.com. Pinging http:\\www.google. com yields Ping request could not find host http:\\www.google.com. Please check the name

Can you initiate an ftp session?

yes. ftp ftp.microsoft.com works.

When you open an elevated CLI where are you? In the user profile or somewhere else.

I'm at the top of the profile - users\david

If the process explorer executable appears in task manager wouldn't that indicate that it's not a policy issue?

 

[Markverhyden]

Pinging http:\\www.google. com yields Ping request could not find host http:\\www.google.com. Please check the name

You cannot ping a protocol, ping http, which is what you tried to do. You also had your slashes backwards. Should be http://.

If the process explorer executable appears in task manager wouldn't that indicate that it's not a policy issue?

For grins I spun up my W7 Pro VM and I am getting the same symptom - network path not found. Tried pinging live.sysinternals.com and that also fails. So I wonder if they are having a problem. But I find it interesting that you were able to create a new profile and have it run.

 

[Bubbajoe]

procexp.exe spawns procexp64.exe which runs by default from the %temp% directory.

I'm guessing the %temp% directory in the original profile has dorked permissions?

I know I had to add a custom whitelist in CryptoPrevent's Group Policy editor to allow process explorer to run. The default GP was blocking *.exe's from within the %temp% directory....

 

[Markverhyden]

When run from IE in the VM it works fine - http://live.sysinternals.com/tools/procexp.exe. Using \\live.sysinternals.com\tools\procexp.exe at CLI does not. But those two methods are using different ports. My VM is just a stock load. No AV, GP or any other security stuff.

 

[computerdoc]

Bubbajoe,

"I know I had to add a custom whitelist in CryptoPrevent's Group Policy editor to allow process explorer to run. The default GP was blocking *.exe's from within the %temp% directory...."

CryptoPrevent is active on this machine also. How do you add a whitelist to CryptoPrevent's Group Policy?

 

[Bubbajoe]

Bubbajoe,

"I know I had to add a custom whitelist in CryptoPrevent's Group Policy editor to allow process explorer to run. The default GP was blocking *.exe's from within the %temp% directory...."

CryptoPrevent is active on this machine also. How do you add a whitelist to CryptoPrevent's Group Policy?

Advanced/Software Restriction Policy Editor.

Add custom whitelist policy: %userprofile%\AppData\Local\temp\procexp64.exe

 

[Mokester]

So end user doesn't need to use process explorer? Then just set the new account to a default company tech account for you and be done with it. Sure PE not running is an issue, but if the end user is not noticing any problems, then leave it be.

Something is screwy in his user profile as creating a new one doesn't have the problem. If you'd like to fix the issue on his profile, then create a new one and just assist with setup to get it to emulate the old profile....much faster resolution than digging through registry...and a known solution that you've already confirmed will work. Just my 2 cents.

 

[computerdoc]

I already copied the original profile to a new one and it allowed process explorer but it was different in desktop layout and some other settings which would take some work to emulate. I can get process explorer to work in a small user profile which shows all activity on the machine so I guess that's the best solution for now.

 

[Bubbajoe]

I already copied the original profile to a new one and it allowed process explorer but it was different in desktop layout and some other settings which would take some work to emulate. I can get process explorer to work in a small user profile which shows all activity on the machine so I guess that's the best solution for now.

Did you add the custom whitelist in the original profile? If CP was installed in that profile, then I can guarantee that it was blocking process explorer....