Bug Report "File creation failed" and the analysis result included

[Naki]

AOK -- your Windows File Explorer fonts are wildly different from standard Windows/Microsoft fonts somehow.
Did you use built-in Windows 10 OS functionality to change this, please?
OR was it done via editing some Windows Registry keys, and/or Windows OS settings files?

OR maybe it was done via a Windows 10 Theming/Tweaking add-on program, free or paid one? Such as those provided by Stardock, or Classic Shell, OldNewExplorer/etc?
If so, please could you list the name of program(s) used to do it?
I am thinking that program you used and tweaks done may have led to "tweak it 'till it breaks" condition.

 

[AOK]

I think your issue is a different one than discussed in this thread.
Do you see anything useful in Windows Event Viewer?

Yep - you were right!

Access to C:\Users\xxx\AppData\Local\Temp\GPUQuery_External.exe has been restricted by your Administrator by location with policy rule {1d49a534-fcf6-431e-9801-45dedffc4cd8} placed on path C:\Users\***\AppData\Local\Temp\*.exe.

Any idea how to find to re-adjust this rule? And better - can I make specific exceptions and leave the rule as it is? I did that on purpose - long time ago against malicious code.

Naki, nope - the theme is custom made manually. It was a set of policies I don't remember exactly how I did some time ago for security reasons.

 

[W1zzard]

Thanks for the update.

You used a GPO like that? http://www.fatdex.net/php/2014/06/0...unning-inside-any-user-appdata-directory-gpo/

I doubt it's an effective security mechanism, and a lot of installers will fail that way.
Not sure if whitelisting specific apps is possible here, any GPO experts?

 

[AOK]

Sooo - I found what it is. Thanks for the link, Mr W. It was a great starting point. I hope even though it's a different issue the info below would be interesting and useful for others as well.

CryptoPrevent which obviously tries hard to prevent the HDDs to get crypted applies a set of polices among which is the execution of exe in temp folder. So far I didn't had problems. Except for viber. When you allow with the gpedit in the Software Restriction Policies/Additional Rules (in Loc.Comp) the GPU-Z exe both as path and hash.... doesn't work!
One should start it and go and allow the GPUQuery_External.exe in order for it to work. And even then the first thread (is blocked - I guess it's the one with the physX since it's the only one NOT ticked). This means even though I have thrown it as exception the stupid windows is not reading it the first time -either that or my 1080ti does not have physX )) Are these ticks for showing that my card supports it?

Another weird thing: Process Explorer (admin mode) doesn't see GPUQuery_External.exe even while active which easy since I still get it blocked in its first iteration of detections.
W1zzard, why is that? The exe is in the temp I see it there, but not in PE. Would love to know - since I will leave the global prevention policy stay and yet want to know how to detect other child processes invisible for PE.

 

[W1zzard]

Are these ticks for showing that my card supports it?

Correct

doesn't see GPUQuery_External.exe

Works for me. The process is alive only for 2-3 seconds though, try clicking the refresh button in the top right of the window (right to the left of the hamburger settings icon)