No, this answer is completly incorrect and does not apply. As stated, this is not a virus scanner that is blocking the file. It is a tool from Carbon Black called Bit9 which is a corporate file protection tool that prevents unauthorized files from making changes on PCs. Users can not run any exe or batch that is not authorized by Bit9. Symantec handles virus and it doesn't care about the batch file.

None of those linked threads, which I already read, address my original question - HOW TO DISABLE the batchfile from running?

I am still in need of a solution for disabling this intel batch file.

How do I open a higher priority case?

I have opened another case with Intel directly through the support system. IF I get a working answer I will post it here for the others that will get snagged by this same problem.

I've opened a case with Carbon black for the same reason, however it seems to not happen every single time, also the details of the block aren't available for me to look into (which they require for their case) It's very frustrating dealing with opening cases with Carbon Black/Bit9 for things that seem to not always happen...

Thanks for the update @sohmageek. We get the block every time, and our IT Security has looked at the situation as well. They say this "looks scummy" even though they know it is from Intel, it still looks malware-like.

We aren't really interested in whitelisting this batch file, thus the need to disable it completely so users stop getting notified.

I am really sorry to hear you are having issues with this matter, I would like to gather more information about this matter so please check the following form, fill it and post it here: Default level information for reporting Graphics issues

Thank you.

Regards,

Amy C.

The link posted "Default level..." does not work. It takes me to a "JIVE - OOPS! We can' seem to find that page" error. I am logged in to the site with my profile.

UPDATE : link still does not work. I would be happy to provide the information, but I can not.

Please try the following: https://communities.intel.com/thread/77761 https://communities.intel.com/thread/77761

 

 

Regards,

 

Amy C.

Category

Questions

Answers (N/A if not applicable)

Description

Provide a detailed description of the issue

After installing the latest intel driver, a batch file wants to run with every log in.

Please place an X to the right of the option showing how often you see this issue using specific steps. (Ex: 'Every few times a game is started it flickers.' <- This would be "Often")<p> 

Always (100%): X

Often (51-99%):

Sporadic (20-50%):

Very Sporadic (<20%):

Hardware (HW)

Brand and Model of the system.

Toshiba Portege R-30C

Hybrid or switchable graphics system?

 

ie Does it have AMD or NV graphics too?

No other graphics adapters

Make and model of any Displays that are used to see the issue (see note2 below). 

LFP = Local Flat Panel (Laptop panel)

 

EFP = External Flat Panel (Monitor you plug in)

LFP

How much memory [RAM] in the system (see note2 below).

8Gb

Provide any other hardware needed to replicate the issue.

 

ie: Cables&brand, cable type [vga, hdmi, DP, etc], dock, dongles/adapters, etc

N/A

Hardware Stepping (see note1 below).

Intel(R) HD Graphics 520

Software (SW)

Operating System version (see note2 below).

Windows 10 v1607

VBIOS (video BIOS) version. This can be found in "information page" of CUI (right click on Desktop and select "Graphics Properties".</...

I'm dealing with a very similar problem, using Windows AppLocker as the whitelisting solution. C:\Intel is a user-writable directory, so we don't want to create a path rule allowing execution of anything that happens to be in C:\Intel, because whitelisting can easily be bypassed by any user simply by copying unauthorized code into that directory and running it.

There are so many ways to get programs to run at user logon -- it seems substandard to do so by creating a batch file in a user-writable directory. There are better ways to do this...

What functionality is lost if this batch file isn't allowed to run?

Thanks.

-- Aaron Margosis

Microsoft

Agreed Aaron. Intel should just put their services in any of the many known/accepted areas available for startup commands/services. This process seems very questionable.

We have difficutly just finding the batchfile to examine it but in this post " ," the batch file contains the following contents :

@echo off

if exist igfxEM.exe start igfxEM.exe

if exist igfxHK.exe start igfxHK.exe

if exist igfxTray.exe start igfxTray.exe

del /Q {A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

And on our end we have noticed the loss of the Intel Tray Icon, the Intel Graphics Properties desktop context (right-click) menu option and, although untested right now, I will guess that the HotKey functionality is also lost (due to igfxHK.exe not starting).

jlandria, thank you for that information.

I will review this matter, and update the thread as soon as possible.

Regards,

Amy C.

Amy C., can you find out for us what each of those three executables is for and what each of them does?

FWIW, I have all kinds of OEM icons in my notification area ("tray") for controlling video, audio, touchpad, etc., and I never use any of them. I doubt I would miss them if they weren't there, and I doubt that video, audio, etc. performance would suffer in any way. The big difference is that they all start from auto-start extensibility points (ASEPs) that are manageable from whitelisting solutions. So for these Intel executables, if they aren't important for end users, I'd rather not bother going through contortions to create whitelisting rules allow these batch files to execute.

Thanks.

Amy C. - if a solution is not forthcoming, can you please just answer the original question - how do I disable this stupid batchfile from running?

Amy C

I can fill this out also: It's the same issue however, the batch files being needed after the install of the driver.

Category

Questions

Answers (N/A if not applicable)

Description

Provide a detailed description of the issue

Bit9/Carbon black is blocking the Batch file need to be able to disable the batch file

Please place an X to the right of the option showing how often you see this issue using specific steps. (Ex: 'Every few times a game is started it flickers.' <- This would be "Often")<p> 

Always (100%):

Often (51-99%): x

Sporadic (20-50%):

Very Sporadic (<20%):

Hardware (HW)

Brand and Model of the system.

Lenovo Thinkcenter M10MR-0047US

Hybrid or switchable graphics system?

 

ie Does it have AMD or NV graphics too?

No

Make and model of any Displays that are used to see the issue (see note2 below). 

LFP = Local Flat Panel (Laptop panel)

 

EFP = External Flat Panel (Monitor you plug in)

EFP -many models, it's happening over our fleet we have 20 of these deployed now.

How much memory [RAM] in the system (see note2 below).

8 GB

Provide any other hardware needed to replicate the issue.

 

ie: Cables&brand, cable type [vga, hdmi, DP, etc], dock, dongles/adapters, etc

It's the graphics driver depending n running this batch file, hardware (other than the graphics) independant

Hardware Stepping (see note1 below).

Software (SW)

Operating System version (see note2 below).

Windows 7 Enterprise 64 Bit

<td style="border-width: medium 1pt 1pt medium; border-style: none solid solid...

I've gotten it to stop occurring on some boots by copying the batch files to a trusted directory and then copying them to the location on the C drive (basically approving the file) it will run when the file is present. However it seems if the file is changed (the hash of the file is different therefore unapproved) or not present it still tries to run the missing file and throws up a bit9 block on the non-existing "script." I updated the driver to the newest driver on Intel's site (not Lenovo's site, which we tend to only use Lenovo approved drivers) and it seems to stop on my test workstation. I'm reaching out to some of our users to get it installed tonight and see if that resolution works or not.

Bit9/Carbon black software is pretty good at determining if the script is approved or not based upon it's hash, which it seems if it's an identical copy of the one that's approved it will work, but could be an identical named file but something doesn't match in the hash therefore it doesn't run. I tried manually typing out the file and it didn't match hash and wasn't approved.)

And that somewhat solution was very short lived... It appears to regenerate this file or try to run the file that doesn't exist on the system. I'd love to find out what/where is calling this thing out and either remove it or redirect it to a location that can be trusted. I don't really care about having the icon in the tray or not. I've got this model PC out to about 40 people and they are all complaining DAILY to our helpdesk. When our helpdesk is 2 people that's a lot of complaints that shouldn't need to even happen.

Amy C. - like sohmageek we are also experiencing serious enterprise delays with this issue. Please report back with the solution or a means to disable this batch file ASAP.

On our end - we have hundreds of devices sitting unused waiting on a solution from intel (and we are paying a full time employee to spend his days trying to sort a solution on our own since intel is quite slow in accomodating)

Could you also elevate the priority of my case? I could not see a way to elevate the case on my own. We really do need a solution, it's been almost 2 weeks now.