Update BIOS - Block cmd.exe

  • Question
  • Updated 3 months ago
  • In Progress
I have updated my Lenovo 920 BIOS and am using TrendMicro Maximum Security. After the update I got a message that cmd.exe was blocked. I unblocked it - is that the correct decision or is there something I should be concerned about relating to cmd.exe?

stevenkencarter

Posted 3 months ago

Tom Emmelot, Champion

Hi stevenkencarter

Welcome to TM Home users Community, a public site where volunteers try to help each other, also there are TM Employees that can give answers, that is only at working hours. I am just a volunteer!
Yes it is safe to unblock, but check if your BIOS update is done the right way. If not, do the update again and this time first "Exit" TM!
Good luck.

Kind regards,
Tom

claudiu_botezatu

No, it is not safe to just unblock it, see here:

https://forum.avast.com/index.php?topic=38992.0


and here:

https://support.kaspersky.com/avzscripts/tsw.avz.52

You should investigate deeper, before just "unblocking"

TM_Malik, Employee

Thank you so much for helping out, Tom Emmelot and claudiu_botezatu! :)

Welcome to the Home Users Community, stevenkencarter.

Can we ask for the detection type? You can send a screenshot for that. Please open the Trend Micro main console, click on the "Security Reports" icon then click on "See more details..."

Thank you!

Trend Micro Home Users Community

stevenkencarter

Here is what I see:

TM_Malik, Employee

Thank you for the screenshot, stevenkencarter.

How did you configure the Folder Shield feature? Please make sure to add only folders that contain personal files... not C:\Users or the whole C: drive and the like.

You can check it on the Data tab on the main console.

Trend Micro Home Users Community

stevenkencarter

The folders protected are under my user name: Desktop, Documents, Favorites, Google Drive, Music, OneDrive, Pictures. I also have Windows 10 upgrade protected.

TM_Malik, Employee

I see. Sorry but it's not safe to unblock it so please have it removed to the exception list first. You may go to Main Console > Settings > Exception List.

For now, please try running the Trend Micro Anti Threat Toolkit (for 32-bit and 64-bit systems) just to check it further. It's possible that a certain app is running commands on your PC and this may be caused by a Potentially Unwanted Program. Kindly uninstall any unfamiliar programs installed on your PC via Programs and Features on Control Panel. Look out for publishers "Slimware..." and "Mindspark..."

By the way, when exactly do you receive the pop-up message?

Trend Micro Home Users Community

stevenkencarter

I got the message immediately after I updated the BIOS when I downloaded the update from Lenovo and rebooted.

stevenkencarter

I don't see any unwanted programs.  I looked especially for Slimware and Mindspark.

stevenkencarter

I ran the Anti Threat Toolkit and fixed the following:

stevenkencarter

Do you have an idea what the threats are?

TM_Malik, Employee

Hello, stevenkencarter.

It's possible that the update you have downloaded is a trojan virus or your PC was infected even before installing the Trend Micro program then the payload (malicious script) has just manifested.

You can provide us the steps on how you have updated your Lenovo's BIOS to investigate further. Thank you!

Trend Micro Home Users Community

stevenkencarter

I downloaded and installed the following from Lenovo:

stevenkencarter

And how they might or might not have been related to the BIOS update from Lenovo?  This is the update I did this morning:

claudiu_botezatu

Why don't you inspect your cmd.exe on VirusTotal?

Or run another antivirus online (like Avira or ESET) for a second opinion?
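
An added example, not part of the thread: one way to carry out the check suggested above and to see what is launching cmd.exe, assuming Windows PowerShell 5.1 or later. It verifies the signature of the system cmd.exe, prints its SHA-256 so the hash can be searched on VirusTotal, and lists each running cmd.exe with its parent process.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 or later.
$systemDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')   # 32-bit copy on 64-bit Windows
)
$cmdPath = Join-Path $systemDirs[0] 'cmd.exe'

# 1. Signature check. Windows system files are normally catalog-signed by Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $cmdPath
# 2. SHA-256, so the hash can be searched on VirusTotal without uploading the file.
$sha256 = (Get-FileHash -Path $cmdPath -Algorithm SHA256).Hash

[pscustomobject]@{
    Path       = $cmdPath
    Status     = $sig.Status
    Signer     = $sig.SignerCertificate.Subject
    IsOSBinary = $sig.IsOSBinary
    SHA256     = $sha256
} | Format-List

if ($sig.Status -ne 'Valid' -or -not $sig.IsOSBinary) {
    Write-Warning "cmd.exe did not verify as a Microsoft-signed OS binary."
}

# 3. For each running cmd.exe, show its image path, command line and parent process.
$all  = Get-CimInstance -ClassName Win32_Process
$byId = @{}
foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }

$all | Where-Object { $_.Name -eq 'cmd.exe' } | ForEach-Object {
    $parent = $byId[[int]$_.ParentProcessId]
    $dir = if ($_.ExecutablePath) { Split-Path $_.ExecutablePath -Parent } else { $null }
    [pscustomobject]@{
        ProcessId   = $_.ProcessId
        ImagePath   = $_.ExecutablePath
        InSystemDir = $systemDirs -contains $dir
        CommandLine = $_.CommandLine
        # A parent that has exited (or whose PID was reused) cannot be resolved reliably.
        ParentName  = if ($parent) { $parent.Name } else { '(parent exited)' }
        ParentPath  = if ($parent) { $parent.ExecutablePath } else { $null }
    }
} | Format-List
```

Run it from an elevated PowerShell window so that the image path and command line of processes owned by other accounts are visible.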

TM_Phebs, Employee

Hi stevenkencarter!

May I know how you updated your Lenovo's BIOS? Also, is it still being detected by Trend Micro?

Regards

TM_Malik, Employee

Hi, stevenkencarter.

How do you access this file that you have downloaded? Is it from a certain website or do you get that by opening a program? Moreover, are you still receiving the "block cmd" message after unblocking that file?

By the way, the picture is a bit blurry. Please try and send another copy of the picture that's a bit clearer. Thank you!

Trend Micro Home Users Community

stevenkencarter

Hopefully, that is clearer.  

TM_Malik, Employee

Thank you for the clearer image but we still do not have any information on where you got those updates from. Please provide a detailed step-by-step procedure of how you came across those updates.

From what I see here, I think the update that you have installed is legit but we need the steps on how you got those so that we can investigate further.

Thank you!

Trend Micro Home Users Community

stevenkencarter

I ran VirusTotal on cmd.exe and 67 showed it as clean.

TM_Malik, Employee

Do you have any screenshot of what has been detected and what the scan showed you after the scan?

Trend Micro Home Users Community

stevenkencarter

I ran Windows Defender Advanced Scan and found no viruses.

Tom Emmelot, Champion

Hi stevenkencarter

Just as I told you, I advise, when you do a BIOS update or a graphics card driver update, to put off any AV program because they can interrupt your update in a nasty way! But always be sure that the update is original from the reseller's site! And be sure that after the reboot the AV is up and working again.

Kind regards,
Tom

stevenkencarter

Thanks for your help.  I'll follow it when I do my next update.  My computer logs indicate that the BIOS was successfully installed.

stevenkencarter

I also don't understand if I have a virus issue or not.   TM_Malik, Employee - do you have any advice?

TM_LouiseN, Cloud Security Engineer

Hi stevenkencarter,

Thanks for your response.

Since Trend Micro Anti-Threat Toolkit already removed those threats on your computer, you also did an additional scan using Windows Defender so it should be clean now. 
By the way, make sure that Trend Micro is the only antivirus protection running on your computer because it can cause conflict if you run 2 or more antivirus programs on the device. Furthermore, make sure that the programs indicated on the link below are not installed on your computer.
Programs to remove before installing Trend Micro Security

All the best
Trend Micro Home Users Community

TM_Malik, Employee

Hi, stevenkencarter.

You may try running the Trend Micro Anti Threat Toolkit (for 32-bit and 64-bit systems) just to make sure everything is good to go on your end. It's possible that the other scan (VirusTotal) that you made has just detected some adware which actually cannot pose any threats on your PC.

By the way, please be sure that you only have one antivirus program installed on your PC (Windows Defender is fine).

Trend Micro Home Users Community