CounterSpy blocked essential services
CounterSpy Enterprise just blocked services.exe on a laptop for reasons best known to itself. Now I have a brick instead of a laptop. How can I unblock this? System restore won't run, can't see event logs (security id may not be the owner), and of course CounterSpy itself can't run as it is a service. It has removed all networking, so I can't do anything across the network. Stupid braindead program - now we'll have to completely rebuild the machine. I've put in a support ticket, but have had no reply yet. Do you think we'll be renewing our licences...?
-
This occurred because of a change that Microsoft made to the code in Services.exe recently. This should not have been quarantined, but may have been due to a configuration problem. If you have the security monitors set to anything other than default, this could be responsible.
To reset the AP Security monitors to default:
1. Open the CSE console
2. Select the policy for the machine that CSE quarantined "Services.exe" on
3. Select the "Active Protection" tab
4. Click "Edit" in the "Monitors" section
5. Click "Security Levels"
6. Choose "Default" from the options
These monitors are typically used by support to resolve certain detection issues. It is highly advisable to leave them at default unless otherwise instructed by support.
To restore the machine, you can either copy "services.exe" from another machine and, using safe mode with command prompt or perhaps a DOS boot disk, copy the file to "C:\Windows\System32", or you can restore it from the Windows CD.
-
Well Brian, thanks. So it was Microsoft's fault that the laptop is now useless. I see. But that really doesn't help. The laptop has no networking now (or any other services), so it can't receive a new policy. What I need to know is how to reverse the damage locally on the laptop. I can expand services.exe from the recovery console, but as soon as anyone logs on, the laptop shuts down again as CounterSpy removes it again. The NIC is configured for a different site so it can't receive a new policy. How do I stop CounterSpy from running?
I’m frustrated and sad
-
Worked out how to stop it running. Renamed driver files sbap*.sys from recovery console. Booted to safe mode and was then able to disable the service. Now I can boot normally and change NIC settings, restart service, disable active protection and get automated uninstall of agent, since you can't uninstall it from Control Panel. Now to see if it survives a reboot. I had no idea that "Block" meant completely remove this application.
I’m better than I was
-
Ok, please just let us know if this works.