To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Access to process was blocked

dubinl W/ Alumni Posts: 1 Security Scout

Brand new F-Secure admins here (switched from Trend WFBS) so this is a stupid question I hope. We keep seeing the following alerts:

Security alert: Access to process was blocked.

From: COMPUTER, 2021-01-12 09:26:08 -05:00

Details: Access to process was blocked. Application path: C:\Windows\SysWOW64\OneDriveSetup.exe Path: C:\Program Files (x86)\F-Secure\Client Security\fshoster32.exe 

The first debate we had internally was does that mean F-Secure was blocked from that process OR that process was blocked via F-Secure?

We don't use onedrive and have it (apparently not well enough) beaten into a corner and shouldn't be running...but this is also confusing with what's triggering what.

Best Answer

  • MonikaL
    MonikaL W/ Alumni Posts: 206 W/ Former Staff
    edited January 2021 Solved


    This is usually an alert prompted by Dataguard. This means the application was blocked by F-Secure. If the blocked application (for example, OneDrive, Firefox etc.) is in the Windows Users or AppData directory, it is not by default a trusted application location and therefore it will be blocked if it tries to access a file that is located in a protected location. 

    If the setting Discover trusted applications automatically is enabled, only applications that are installed under the 'default trusted locations' or utilizing 'default trusted processes' will be allowed to make changes to DataGuard Monitored folders automatically.

    How to add the application to the DataGuard Trusted applications list:

    Log in to the Policy Manager Console

    Select a host or policy domain from the Domain Tree

    Go to the Settings tab

    Go to the DataGuard settings page

    Scroll down to the Trusted applications table and click Add

    Write the full application path to the Applications field

    Distribute the policy (Ctrl + D).

This discussion has been closed.