Applies to: Windows Server 2008, Windows Server 2008, Windows 7, Windows Vista
Product |
Windows Operating System |
ID |
11 |
Source |
WinInt |
Version |
6.1 |
Message |
Custom dynamic link libraries are being loaded for every application. The system administrator should review the list of libraries to ensure that they relate to trusted applications. |
If an application enables AppInit DLLs, the Windows operating system logs a warning
in the System Event Log. The event log entry includes a list of the DLLs that are loaded
by using the AppInit_DLL mechanism. You can view this list on the Details tab in Event
Viewer. Windows Initiator (WinInt) logs this warning one time for each boot session.
In Windows Vista, Windows 7, and Windows Server 2008 R2, the AppInit_DLLs infrastructure
is disabled by default.
Code sign DLLs: We recommend that you code sign all DLLs that the AppInit_DLLs infrastructure
loads into Windows 7. But for application compatibility, by default Windows 7 loads all AppInit
DLLs, regardless of whether these DLLs are code signed. Never-the-less, we recommend that
you digitally code sign your AppInit DLLs to help improve the reliability and security of Windows
7 and to prepare for more stringent code-signing requirements in future versions of Windows.
In Windows 7, the RequireSignedAppInit_DLLs registry value controls whether AppInit DLLs must
be code signed.This value is set to 0 (load any DLLs) by default.
Windows Server 2008 R2, all DLLs that load by using the AppInit_DLLs infrastructure must be
code signed. The RequireSignedAppInit_DLLs registry value is set to 1 (load only code-signed DLLs) by default.
Run DLLs only in required processes: The AppInit_DLLs infrastructure loads the specified DLLs
in all user-mode processes on the system. If an AppInit DLL must provide API hooks only to specific
processes, the DLL should call the GetModuleFileName function from within DllMain to retrieve the name
of the process in which it is loaded. If the process is not a process that requires the API hook that the
AppInit DLL provides, the DLL should simply return from DllMain. For more information, see
AppInit
DLLs in Windows 7 and Windows Server 2008 R2.
AppInit
DLLs in Windows&nb/197571" target="_blank">Working with the AppInit_DLLs registry value
Boot Configuration Data in Windows Vista
Protected Processes in Windows Vista