Application Modification Detected - SVCHOST


rheumatoid
April 3rd, 2008, 02:57 PM
Keep getting this today. Nothing has really changed since the last time I used my PC, although last time I used it I updated to Vista SP1. A full in-depth scan shows nothing. Should I be concerned?

R.

ASpace
April 3rd, 2008, 03:15 PM
If you use the default options of ESS for application modification detection, ESET will see if svchost.exe has been updated by Microsoft and not bother you about it. Have you modified that option?

When ESS displays that message again, see where svchost.exe is located on your computer and then upload a copy of it to www.virustotal.com
If some vendors find it possibly infected (the genuine Microsoft one must be 100% clean), send a copy of it to samples@eset.sk

rheumatoid
April 3rd, 2008, 03:21 PM
Thanks

Never modified that option.

Told it to allow because Firefox couldn't access sites. Can't remember the location it gave for svchost but think in /system32. Presume that is where it legitimately resides?

R.

ASpace
April 3rd, 2008, 03:24 PM
The legitimate place of the legitimate genuine svchost.exe is %windir%\system32\ but since the warning is for that file it means that the first svchost you have had has been modified. ESS detected this during an attempt at communication by the new svchost.exe.
It might be malware that has modified it. That is why it is important for you to double check this file. I think you must eliminate the possibility of infection or, respectively, a false positive alarm from ESS.

rheumatoid
April 3rd, 2008, 03:43 PM
I have again had a warning for svchost.exe residing in:
C:\Windows\System32

EC edit: Removed virus total results. Please read our TOS (http://www.wilderssecurity.com/tos.php).
Presumably this means I have nothing to worry about and can allow svchost from that location?

Thanks

R.

WigglyTheGreat
April 3rd, 2008, 04:49 PM
I had the same warning from ESS shortly after installing vista sp1.

Zombini
April 4th, 2008, 01:17 AM
-{ Quote: "I had the same warning from ESS shortly after installing vista sp1." }-

Looks like ESS has a design flaw in this feature, somehow it's not able to detect certain kinds of legit modifications to these files.

viruscraft
April 7th, 2008, 01:54 PM
It seems a compatibility issue between Vista sp1 and ESS

Eryan
April 7th, 2008, 09:13 PM
-{ Quote: "Looks like ESS has a design flaw in this feature, somehow it's not able to detect certain kinds of legit modifications to these files." }-

As far as I'm aware, the behavior described in this thread is expected. The software is designed to warn in such a situation.

ASpace
April 8th, 2008, 03:22 PM
-{ Quote: "As far as I'm aware, the behavior described in this thread is expected. The software is designed to warn in such a situation." }-

It is also designed not to warn about signed applications and I am to believe Microsoft have signed their svchost.exe and related applications ::) :thumb:

agoretsky
April 8th, 2008, 09:58 PM
Hello,

It depends on how the Allow modification of signed (trusted) applications option is set in ESET Smart Security and its associated list of entries.

Regards,

Aryeh Goretsky
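
The two checks discussed in this thread (is the running svchost.exe in %windir%\system32, and is it signed) can be done locally before uploading anything. The script below is an added example, not posted by any thread participant and not ESET's own logic; it assumes PowerShell 5.1 or later, and the variable names are illustrative.

```powershell
# Added example: triage every running svchost.exe by image path and signature.
# Run from an elevated prompt so the image path of service processes is readable.

# Location the thread gives for the genuine file.
$expected = Join-Path $env:windir 'System32\svchost.exe'

$procs = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'"

# Processes whose path cannot be read (usually a non-elevated session).
$unreadable = @($procs | Where-Object { -not $_.ExecutablePath }).Count
if ($unreadable -gt 0) {
    Write-Warning "$unreadable svchost.exe process(es) have no readable image path; re-run elevated."
}

# Distinct on-disk images backing the running processes.
$paths = $procs |
    Where-Object { $_.ExecutablePath } |
    Select-Object -ExpandProperty ExecutablePath -Unique

foreach ($path in $paths) {
    $sig = Get-AuthenticodeSignature -LiteralPath $path

    [pscustomobject]@{
        Path             = $path
        # Anything outside %windir%\System32 deserves a closer look.
        ExpectedLocation = ($path -ieq $expected)
        # 'Valid' means the signature chains to a trusted root and the file is unmodified.
        SignatureStatus  = $sig.Status
        Signer           = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # Hash for looking the file up on a multi-engine scanning service.
        SHA256           = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}
```

Windows system files are normally catalog-signed rather than carrying an embedded signature, so older PowerShell versions that do not consult the catalog can report `NotSigned` for a genuine file.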