Random Crash with No Errors

avatar
jtstuedle

This has happened 3 times since early yesterday...The first time it corrupted my local Connections.db file (lost a few months' worth of connections...I've since reviewed my backup practices).


Windows 10 x64 Version 10.0.17134 Build 17134
Processor Intel(R) Core(TM) i7-7920HQ CPU @ 3.10GHz, 3101 Mhz, 4 Core(s), 8 Logical Processor(s)
Installed Physical Memory (RAM) 64.0 GB



Program: RemoteDesktopManager64.exe
Problem: Random program close that corrupts the RemoteDesktopManager64.exe application file and leaves the filesystem handle to the EXE open and in a "locked" state (attempted a "Repair" install without rebooting...the EXE in C:\Program Files (x86)\Devolutions\Remote Desktop Manager/RemoteDesktopManager64.exe was locked - had no icon and would not let me launch and/or delete it).

Things I tried while the EXE was in a corrupted/locked state:











The only thing I've been able to pick up on is that I was working with generic scripts or PowerShell sessions when the crashes/closes happened...other than that I have nothing to go off of.




Please feel free to ask questions or request additional logs if needed - I've turned up my debugging level in the advanced settings - will continue to work with scripts/PowerShell sessions today.

All Comments (14)

avatar




Just happened again...Nothing in the event log, but this time it actually Deleted the RemoteDesktopManager64.exe from the program files.


I was trying to launch a PowerShell session with an embedded script when it crashed/closed.

Looks like there's a PowerShell ConsoleHost_history.txt file locked (ran PowerShell as Admin):

Error reading or writing history file 'C:\Users\username\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt': Access to the path 'C:\Users\username\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadline\ConsoleHost_history.txt' is denied.


Tried running the repair install without rebooting again...





12:45:09.0099809 PM msiexec.exe 7024 CreateFile C:\Program Files (x86)\Devolutions\Remote Desktop Manager\RemoteDesktopManager64.exe ACCESS DENIED Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Open No Recall, Attributes: n/a, ShareMode: None, AllocationSize: 0


Currently Running System Processes:
(System processes taken while the "verify that you have access to that directory" message was being displayed.)




avatar

Hello,

What I don't understand is why the RemoteDesktopManager64.exe file has disappeared from the installation folder.

What version of RDM is installed on your computer? Is it 13.6.5.0?

Are you still using SQLite as your data source?

Best regards,

Jeff Dagenais

avatar

I don't get it either...especially since it's not logging any crash or errors.

Edit: SQLite is still my data source in the default location (AppData/Local/Devolutions/RemoteDesktopManager/Connections.db).



avatar

Hello,

This is very strange. I suspect that you have encountered the same issue reported here, but in a different way, since you are using a SQLite data source
https://forum.devolutions.net/topic30091-sqlite-error-after-upgrading-to---unable-to-load-the-sqlite-datasource-the-saved-master-key.aspx

Could you try to uninstall RDM 13.6.5.0, restart your computer and install RDM 13.6.2.0 and see if the application is still crashing?
You can download RDM 13.6.2.0 here https://cdn.devolutions.net/download/Setup.RemoteDesktopManager.13.6.2.0.exe

Best regards,

Jeff Dagenais

avatar

I don't think so...I never get any SQLite errors.

I've only lost my Connections.db file once - and it just blanked it and created a new one (could have been the repair install).

The other 3 times this has happened the program crashes out, reboot machine, run a repair install, launch RemoteDesktopManager64.exe, all my connections are still there and intact.

Additionally...even after a crash - I can launch the 32-bit version of RDM and all my connections are there and work just fine.

avatar

Hello,

It's very strange that you don't have anything in the Windows Event Viewer regarding these crashes.

Best regards,

Jeff Dagenais

avatar

So I can reproduce this 100% of the time now...Here's an error from the MSI attempting to do the repair install. I've attached a video of the issue -


Here's the XML of the job that was running when it crashed - it's just an embedded PowerShell script that runs "get-process".


<?xml version="1.0"?>
<ArrayOfConnection>
<Connection>
<PowerShell>
<EmbeddedScriptCompressed>c08t0Q0oyk9OLS4GAA==</EmbeddedScriptCompressed>
<IsEmbeddedScript>true</IsEmbeddedScript>
</PowerShell>
<ConnectionType>PowerShell</ConnectionType>
<ID>883fdbfb-7188-4fa2-81a5-c25120faf17d</ID>
<Name>Get-Process</Name>
<OpenEmbedded>true</OpenEmbedded>
<Stamp>9c8bd3a0-1147-4b5e-97ee-4c34caf08ec2</Stamp>
</Connection>
</ArrayOfConnection>




RDM.mp4
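
When an entry export like the one above turns up during triage, the embedded script can be read back out of it. This is an added example, not part of the original post and not Devolutions code; it assumes `EmbeddedScriptCompressed` holds Base64 text wrapping a raw DEFLATE stream, which is how the value posted above decodes, and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET
import zlib

# The entry export posted in the thread, reproduced here as sample input.
SAMPLE_EXPORT = """<?xml version="1.0"?>
<ArrayOfConnection>
<Connection>
<PowerShell>
<EmbeddedScriptCompressed>c08t0Q0oyk9OLS4GAA==</EmbeddedScriptCompressed>
<IsEmbeddedScript>true</IsEmbeddedScript>
</PowerShell>
<ConnectionType>PowerShell</ConnectionType>
<ID>883fdbfb-7188-4fa2-81a5-c25120faf17d</ID>
<Name>Get-Process</Name>
<OpenEmbedded>true</OpenEmbedded>
<Stamp>9c8bd3a0-1147-4b5e-97ee-4c34caf08ec2</Stamp>
</Connection>
</ArrayOfConnection>"""


def decode_embedded_script(blob, max_size=1 << 20):
    """Decode one EmbeddedScriptCompressed value to text.

    Assumption: Base64 around raw DEFLATE (no zlib or gzip header).
    max_size caps the inflated size so a hostile export cannot
    exhaust memory with a decompression bomb.
    """
    raw = base64.b64decode(blob.strip(), validate=True)
    inflater = zlib.decompressobj(-15)  # -15 selects raw DEFLATE
    data = inflater.decompress(raw, max_size)
    if inflater.unconsumed_tail:
        raise ValueError("embedded script is larger than max_size")
    if not inflater.eof:
        raise ValueError("truncated DEFLATE stream")
    return data.decode("utf-8", errors="replace")


def list_embedded_scripts(export_xml):
    """Return (entry name, entry ID, script text) for each embedded script."""
    root = ET.fromstring(export_xml)
    found = []
    for conn in root.iter("Connection"):
        name = conn.findtext("Name", default="")
        entry_id = conn.findtext("ID", default="")
        # Look anywhere under the entry, not only under <PowerShell>.
        for node in conn.iter("EmbeddedScriptCompressed"):
            if node.text and node.text.strip():
                found.append((name, entry_id, decode_embedded_script(node.text)))
    return found


if __name__ == "__main__":
    for name, entry_id, script in list_embedded_scripts(SAMPLE_EXPORT):
        print(f"{name} [{entry_id}]")
        print(script)
```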

avatar

Hello,

Thank you for your video.

I have tested on my Windows 10 machine the same entry type with the Get-Process cmdlet as an embedded script and everything works fine after 20 attempts or so. Even tested it on a Windows Server 2016 and didn't get any problems running the cmdlet within RDM.

We cannot figure out why the RemoteDesktopManager64.exe file disappears from the installation folder.

Could you please uninstall RDM 13.6.5.0 and then reinstall it?
If you encounter problems uninstalling RDM, please consult the following Microsoft documentation page.
https://support.microsoft.com/en-us/help/17588/fix-problems-that-block-programs-from-being-installed-or-removed

Best regards,

Érica Poirier

avatar










Reproduced after re-install on the same machine.

I'll spin up a Windows 10 VM and see if I can reproduce it on a brand new install of something.

avatar

Hello,

Have you been able to reproduce the issue on your second VM?

Best regards,

Jeff Dagenais

avatar

I tried it on my second computer at home...wasn't able to reproduce at home but am still able to consistently reproduce it on my work machine. Will continue to try different things as work permits.


I did try disabling real-time scanning via anti-virus but I'm not sure it actually shuts down the behavioral analysis - antivirus might see RDMx64 trying to repeatedly spawn PowerShell windows and just silently delete/lock it...not sure - am going to try adding some exclusions for the Devolutions .EXEs.

If that doesn't work will continue to try to isolate the problem and report back here with failures/successes throughout the next few weeks just in case anyone else runs into the same problem.

avatar

Hello,

Thank you for your feedback. Hope it will work properly with the solution proposed in your previous post.

Best regards,

Jeff Dagenais

avatar

Got it worked out.

Our AntiMalware software was silently detecting and killing the process and then cleaning up the EXE based on behavioral analysis (launching multiple PowerShell sessions back-to-back).


I guess you might consider that a "win" for AntiMalware behavior analysis to actively catch and clean up a program that tries to launch multiple PowerShell windows and attach them to itself.

Anyway, I added an exclusion to my machine for the Devolutions process and haven't seen the behavior since.

TLDR (final solution); Next-gen antivirus and antimalware with behavior analysis sees multiple PowerShell instances being launched and blocks/deletes the process. Add exclusion for Devolutions EXEs in C:\Program Files (x86)\Devolutions.
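
The behaviour described in the post above, sketched as detection logic over process-creation events. This is an added example, not part of the original post and not the antimalware product's actual rule: the threshold, the time window, the event tuple layout and the second parent image are assumptions, and the exclusion here is keyed to one full image path rather than a whole folder.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

RDM_IMAGE = r"C:\Program Files (x86)\Devolutions\Remote Desktop Manager\RemoteDesktopManager64.exe"
POWERSHELL = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
OTHER_IMAGE = r"C:\Temp\tool.exe"  # constructed parent image for contrast


def at(hms):
    """Build a timestamp on the constructed sample day."""
    return datetime.fromisoformat("2018-07-19T" + hms)


# Constructed events: (timestamp, parent image, parent PID, child image).
EVENTS = [
    (at("09:00:00"), r"C:\WINDOWS\Explorer.EXE", 3000, POWERSHELL),
    (at("09:30:00"), r"C:\WINDOWS\Explorer.EXE", 3000, POWERSHELL),
    (at("12:44:50"), RDM_IMAGE, 4120, POWERSHELL),
    (at("12:44:52"), RDM_IMAGE, 4120, POWERSHELL),
    (at("12:44:55"), RDM_IMAGE, 4120, POWERSHELL),
    (at("12:44:58"), RDM_IMAGE, 4120, POWERSHELL),
    (at("13:10:00"), OTHER_IMAGE, 7777, POWERSHELL),
    (at("13:10:01"), OTHER_IMAGE, 7777, POWERSHELL),
    (at("13:10:02"), OTHER_IMAGE, 7777, POWERSHELL),
]


def normalize(path):
    """Windows paths compare case-insensitively; accept either slash."""
    return path.replace("/", "\\").casefold()


def find_powershell_bursts(events, threshold=3, window_seconds=10,
                           excluded_parents=()):
    """Flag a parent process that starts `threshold` or more powershell.exe
    children within `window_seconds`. Each parent is reported once, as
    (parent image, parent PID, launches counted in the window).
    """
    excluded = {normalize(p) for p in excluded_parents}
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # (image, pid) -> launch times in window
    alerted = set()
    alerts = []
    for ts, parent_image, parent_pid, child_image in sorted(events):
        if not normalize(child_image).endswith("\\powershell.exe"):
            continue
        if normalize(parent_image) in excluded:
            continue  # exact image path match only, not a folder prefix
        key = (normalize(parent_image), parent_pid)
        launches = recent[key]
        launches.append(ts)
        while ts - launches[0] > window:
            launches.popleft()
        if len(launches) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((parent_image, parent_pid, len(launches)))
    return alerts


if __name__ == "__main__":
    print(find_powershell_bursts(EVENTS))
    print(find_powershell_bursts(EVENTS, excluded_parents=[RDM_IMAGE]))
```

With no exclusion both the RDM process and the constructed second parent are flagged; with the RDM image path excluded only the second parent remains, while the two widely spaced launches from Explorer never reach the threshold.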

avatar

Hello,

This makes sense actually.

Thank you so much for all your testing and posts regarding this issue. This is really appreciated.

Have a nice day.

Best regards,

Jeff Dagenais