svchost.exe modifying explorer.exe ?

Discussion in 'ProcessGuard' started by Dwarden, Jan 29, 2005.

Thread Status:
Not open for further replies.
  1. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    177
    Location:
    Czech Republic

    Sat 29 - 16:09:53 [MODIFY] c:\windows\system32\svchost.exe [1020] was blocked from modifying c:\windows\explorer.exe [1760]


    even i assume this is ok ...
    any idea why this event happen (if svchost already got predefined rules?)

    PG 3.150 and Windows XP Pro SP2 English
     
    Dwarden, Jan 29, 2005
    #1
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Dwarden, svchosts,exe in the system32 folder and is a system .exe
    C:\WINDOWS\System32\svchost.exe 2nd Generic Host process used to load services that use DLL's.

    In processGuard svchosts should be set as follows:

    Protect from Modification and Termination
    Allow Modify & Read + Access to Physical memory.

    If you have Port Exploer you will see that there are usually several instances of SVCHOST's running.

    HTH Pilli
     
    Pilli, Jan 29, 2005
    #2
  3. Dwarden

    Dwarden Registered Member

    Joined:
    Apr 11, 2003
    Posts:
    177
    Location:
    Czech Republic
    Thank You, wasn't sure :)
     
    Dwarden, Jan 29, 2005
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...