"system" trying to modify scvhost.exe..ok?

Discussion in 'Ghost Security Suite (GSS)' started by jimmytop, May 26, 2006.

Thread Status:
Not open for further replies.
  1. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
    When I start up my virtual pc, with appdefend on it, with all networking allowed, and KIS as my firewall.... I get a AppDefend alert that "system [4] is trying to modify process scvhost.exe [884]"

    Should I always allow this?
     
  2. f3x

    f3x Registered Member

    Joined:
    Feb 6, 2006
    Posts:
    311
    Location:
    Montreal, Quebec
    I have a similar behavior when i plug/unplug my network cable.
    I beleive it has to do with the new network connection with the virtual machine.
    I would allow it.
    As a general rule of thumb i'd allow all action by system unless i know i am compromised wich i hope will never happens.
     
  3. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Did you misspell "svchost" or did you really mean "scvhost"? If the latter, then this (being a close misspelling of a legitimate Windows component) is a good indicator of malware.
     
  4. jimmytop

    jimmytop Registered Member

    Joined:
    Dec 9, 2004
    Posts:
    268
    Location:
    USA
    Sorry, just a typo. Meant svchost....thanks
     
    Last edited: May 30, 2006
Thread Status:
Not open for further replies.