I got already 2 alerts saying that SVCHOST was trying to terminate "gcasserv.exe" which is MS Antispyware program. Is it normal? Should I allow it? Thanks for your help.
Hi A884126, svchosts is a trusted aprogram and provided it has not changed recently should be no problem, it may not actually be terminating your other but ascertaining that it can if needs be. Pilli
I have had an alert like this before and there has been no termination of "gcasserv.exe". "gcasserv.exe" is on my protection list along with svchost.exe which has no authorization to terminate.
Same again, but this time PG blocked svchost.exe to terminate gcasdtserv.exe which also belongs to MS Antispyware Beta. It seems there is a serious concern between MS Windows (svchost) and MS Antispyware relationship... I really do not understand why it is trying to kill each other
On my protection list svchost has the ability to Modify+Read and Access Physical Memory. When I click Reset to Default those are the settings that svchost gets.
I know that, the concern is that svchost does not want to leave in peace MS Antispyware for a reason I cannot understand. The issue is the termination process.
Not sure if this is relevant, but might be worth mentioning: when my computer was swamped in malware I noticed many more copies of svchost running in task manager. Normally I see about 6. Back then I would see 8-12. I assumed it meant svchost could be abused. Then again, some malware could have just been using the name to look inconspicuous. Out of curiosity, what does svchost actually do?
"The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services permits better control and easier debugging." http://support.microsoft.com/default.aspx?scid=kb;en-us;314056 As that article also describes, if you enter "tasklist /svc" in the command prompt, you can see what services are running under each instance svchost.exe. Regards, CrazyM