08-12-2009 01:23 PM - edited 03-09-2019 10:30 PM
We have a message in the Event Log about a Kernel functionality being modified by the module:
\\??\Windows\system32\drivers\mkbd.sys
\\??\Windows\system32\drivers\mkbd.sys is monitoring the keyboard.
Any idea what the "??" mean? We can't use the wizard to tune it.
Thanks in advance.
08-14-2009 02:36 PM
Could be vmware workstation virtual keyboard driver. You should be able to whitelist as an option in the wizard.
08-16-2009 08:52 AM
Hi Jan,
Thanks for the reply.
When we try to whitelist via the Wizard the CSAMC throws an error and doesn't allow this operation to procede.
I am opening a TAC case and will post results.
08-17-2009 04:31 AM
What is the error that it throws ?
08-26-2009 09:26 AM
08-28-2009 01:34 AM
We have also faced similar issues with CSA 6.0 and this known issue is fixed in 6.0.0.220 and later versions.
09-11-2009 04:13 AM
You could manually write a rule using **\Windows\system32\drivers\mkbd.sys as a definition for the application. I suspect that @system would work as well. Just create an application class and add that as an exception to the triggering rule.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: