"system" trying to modify scvhost.exe..ok?

Discussion in 'Ghost Security Suite (GSS)' started by jimmytop, May 26, 2006.

Thread Status:
Not open for further replies.
  1. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
    When I start up my virtual pc, with appdefend on it, with all networking allowed, and KIS as my firewall.... I get a AppDefend alert that "system [4] is trying to modify process scvhost.exe [884]"

    Should I always allow this?
     
  2. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    I have a similar behavior when i plug/unplug my network cable.
    I beleive it has to do with the new network connection with the virtual machine.
    I would allow it.
    As a general rule of thumb i'd allow all action by system unless i know i am compromised wich i hope will never happens.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Did you misspell "svchost" or did you really mean "scvhost"? If the latter, then this (being a close misspelling of a legitimate Windows component) is a good indicator of malware.
     
  4. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
    Sorry, just a typo. Meant svchost....thanks
     
    Last edited: May 30, 2006
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.