  dsilvers
@gvtc.com | verclsid.exe
Does anyone know what verclsid.exe is? It appeared after the MS updates today and was caught by process guard. It was allowed and there seem to be no unusual symptoms with the box. |
|
  Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire | What was the location of the file? Does PG keep a log?
Cudni |
|
  hpguru Curb Your Dogma Premium join:2002-04-12 | reply to dsilvers It is a legit file. It is used to verify class IDs. |
|
  amysheehan Premium,VIP,MVM join:1999-12-21 Huntington Beach, CA | reply to dsilvers 5.1.2600.2869 (xpsp_sp2_gdr.060316-1512)
Look in System32 dir=
 |
|
  dsilvers
@gvtc.com
| reply to dsilvers Thanks,
Verclsid.exe had never run before and after the update it ran a number of times. Part of the PG log follows. Just paranoid I guess.
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /i {000214e6-0000-0000-c000-000000000046} /x 0x401 ]
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /i {000214fa-0000-0000-c000-000000000046} /x 0x401 ]
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {fbf23b40-e3f0-101b-8488-00aa003e56f8} /i {0000010b-0000-0000-c000-000000000046} /x 0x401 ]
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /i {000214e6-0000-0000-c000-000000000046} /x 0x401 ]
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f5-21d7-11d4-bdaf-00c04f60b9f0} /i {000214fa-0000-0000-c000-000000000046} /x 0x401 ] |
|
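A defender's check over Process Guard entries in the format posted above, added here as an example and not part of any post in the thread: it confirms each verclsid.exe launch comes from system32 with explorer.exe as parent, and pulls out the CLSID being verified. The baseline paths come from the log above; reading /c as the CLSID argument is an assumption, and the second and third sample entries are constructed.

```python
import re

# Assumed baseline, taken from the log in this thread (Windows installed in c:\windows).
EXPECTED_IMAGE = r"c:\windows\system32\verclsid.exe"
EXPECTED_PARENT = r"c:\windows\explorer.exe"

GUID = r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}"
ENTRY = re.compile(
    r'(?P<time>\d\d:\d\d:\d\d) \[EXECUTION\] "(?P<image>[^"]+)" was allowed to run\s+'
    r'\[EXECUTION\] Started by "(?P<parent>[^"]+)" \[(?P<pid>\d+)\]\s+'
    r'\[EXECUTION\] Commandline - \[(?P<cmd>[^\]]*)\]'
)

def review(log_text):
    """Return one dict per verclsid.exe launch, with the reasons it deviates from the baseline."""
    results = []
    for m in ENTRY.finditer(log_text):
        image = m["image"].lower()
        if not image.endswith("\\verclsid.exe"):
            continue  # some other program; not what this check is about
        clsid = re.search(r"/c\s+(" + GUID + ")", m["cmd"], re.I)  # assumption: /c carries the CLSID
        reasons = []
        if image != EXPECTED_IMAGE:
            reasons.append("image outside system32")
        if m["parent"].lower() != EXPECTED_PARENT:
            reasons.append("parent is not explorer.exe")
        if clsid is None:
            reasons.append("no /c {CLSID} argument")
        results.append({"time": m["time"], "image": image,
                        "clsid": clsid.group(1).lower() if clsid else None,
                        "reasons": reasons})
    return results

# Constructed sample: the first entry is copied from the post, the other two are invented for the demo.
SAMPLE = r'''
13:57:08 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /i {000214e6-0000-0000-c000-000000000046} /x 0x401 ]
14:02:11 [EXECUTION] "c:\temp\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [228]
[EXECUTION] Commandline - [ /s /c {2559a1f4-21d7-11d4-bdaf-00c04f60b9f0} /i {000214e6-0000-0000-c000-000000000046} /x 0x401 ]
14:05:40 [EXECUTION] "c:\windows\system32\verclsid.exe" was allowed to run
[EXECUTION] Started by "c:\example\app.exe" [1404]
[EXECUTION] Commandline - [ /s ]
'''

if __name__ == "__main__":
    for r in review(SAMPLE):
        print(r["time"], r["image"], r["clsid"], r["reasons"] or "matches baseline")
```

The pattern also matches when the log has been pasted onto a single line, since the separators between the three parts of an entry are matched as any whitespace.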
 notmentat
join:2003-11-10 21334
| reply to hpguru
said by hpguru: It is a legit file. It is used to verify class IDs.
What is a class ID? |
|
 notmentat
join:2003-11-10 21334 | reply to dsilvers Hmm, I noticed that explorer runs verclsid.exe every time I start an application for the first time (after the update). |
|
  Sparrow Crystal Sky Premium join:2002-12-03 Sachakhand
| There was a hang for no apparent reason last night when I right-clicked on the desktop to create a new folder, and that was when I found the verclsid.exe running in Task Manager. I ended the task and so far it has not returned.
Adding screenshots of the instances found. |
|
  Sparrow Crystal Sky Premium join:2002-12-03 Sachakhand
| reply to notmentat
said by notmentat: said by hpguru: It is a legit file. It is used to verify class IDs. What is a class ID?
Attribute definitions:
id = name [CS] This attribute assigns a name to an element. This name must be unique in a document.
class = cdata-list [CS] This attribute assigns a class name or set of class names to an element. Any number of elements may be assigned the same class name or names. Multiple class names must be separated by white space characters.
The id attribute assigns a unique identifier to an element (which may be verified by an SGML parser). For example, the following paragraphs are distinguished by their id values: This is a uniquely named paragraph. This is also a uniquely named paragraph.
The id attribute has several roles in HTML:
As a style sheet selector.
As a target anchor for hypertext links.
As a means to reference a particular element from a script.
As the name of a declared OBJECT element.
For general purpose processing by user agents (e.g. for identifying fields when extracting data from HTML pages into a database, translating HTML documents into other formats, etc.).
-- "Be simple, be earnest and spread that simplicity throughout everything you do." |
|
 notmentat
join:2003-11-10 21334 | I don't think this class id, which is merely a HTML attribute, is the same thing as what verclsid.exe does. |
|
  Sparrow Crystal Sky Premium join:2002-12-03 Sachakhand
| Here we go: Frequently asked questions (FAQ) related to this security update
Does this update contain any security-related changes to functionality? Yes. Besides the changes that are listed in the "Vulnerability Details" section of this bulletin, this update includes the following changes in security functionality:
This security update introduces a new file, Verclsid.exe. Verclsid.exe is used to verify a COM object before it is instantiated by Windows Explorer.
This security update includes a Defense in Depth change which ensures that prompting occurs consistently in Internet zone drag and drop scenarios.
-- "Be simple, be earnest and spread that simplicity throughout everything you do." |
|
  dsilvers
@gvtc.com
| reply to dsilvers It seems to run a lot on my machine. My logs indicate it even runs at start up. Evidently it runs and then exits as it does not remain in the task manager. Process guard has been on this machine since it was new and Verclsid.exe had never started until after the update. Is it some sort of MS security measure? What does it do? Properties indicates it was created March 16, 2006. |
|
  hpguru Curb Your Dogma Premium join:2002-04-12
| reply to notmentat
said by notmentat: said by hpguru: It is a legit file. It is used to verify class IDs. What is a class ID?
In COM it is a sub-type of the GUID which is used to distinguish unique program interfaces.
-- Get hpHOSTS! Member ASAP hpHOSTS Online Paranoia is no substitute for understanding. |
|
  Sparrow Crystal Sky Premium join:2002-12-03 Sachakhand | reply to dsilvers Glad you pointed this out - it is still causing a long hang on the right-click function on the desktop. Interesting to say the least... |
|
  hpguru Curb Your Dogma Premium join:2002-04-12
| said by Sparrow: ...it is still causing a long hang on the right-click function on the desktop. Interesting to say the least...
No issues with that here. All the applied updates went smoothly. |
|
  antiserious The Future ain't what it used to be Premium join:2001-12-12 Scranton, PA
| reply to dsilvers
... glad I noticed this thread ... I've had Kerio pop up a few 'verify class ID' warning boxes since the updates (part of the Application Behavior Blocking feature in 4.2.3), I just denied them and saw no ill effects ... it's now listed as an application (verclsid.exe) in their GUI ... do you think this is a one-time verify event, or is it likely to be an ongoing event? ... guess I'll allow the next one and see what happens ...
... kind of like a little MS 'easter egg', and just in time ...
--
... "that good old-fashioned Medicated Goo" ... |
|
  dsilvers
@gvtc.com | reply to dsilvers Looking at process guard logs it seems verclsid.exe is always started by explorer.exe but does not run every time explorer.exe runs. So far so good, nothing broken. Some Easter egg Uh. |
|
  supermann
@online.no
| Hi! I think this file is causing major problems with my Internet Explorer. When I try to type in an address everything stops, and when I click on a link (for example a link someone sent on messenger) explorer.exe crashes. But my favourites work fine, and my msn searchbar works too. Any suggestions? |
|
  Sparrow Crystal Sky Premium join:2002-12-03 Sachakhand
| reply to dsilvers I'm on the phone with MS now and reading this thread to them about the various problems encountered.
There is free unlimited tech support for Windows Update problems: »support.microsoft.com/oas/defaul···id=6527& |
|
  altermatt Premium join:2004-01-22 White Plains, NY
·Verizon Online DSL
1 edit | Probably too late but see my post here in the MS Update Bulletin thread that this file is creating havoc with Paint Shop Pro X (and probably other programs--that's just the one I know of), causing it to hang on opening.
I have emailed MS using the link Crystal Sky supplied above; it says they'll respond within a day.
See why I usually wait until at least Friday after Patch Tuesday?  |
|