Taskhost modification

Discussion in 'ESET Smart Security' started by Tyfelt, Jan 10, 2013.

Thread Status:
Not open for further replies.
  1. Tyfelt

    Tyfelt Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    31
    I received the following message today informing me that Host Process for Windows Tasks was modified.

    http://s13.postimage.org/4pq4n2tbb/taskhost.jpg

    It just came up out of the blue. I was not browsing anywhere, I hadn't downloaded anything, I hadn't run any files. My last scans have all been clean. As you can see the "deny" option is unavailable.

    How do I find out what's going on? I can't scan taskhost.exe because ESET says it can't open the file.

    Edit: The deny option became available - so obviously I chose that.
     
  2. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    It was probably from the recent windows update for January.
     
  3. Tyfelt

    Tyfelt Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    31
    Wouldn't that happen right away after I applied the update (Tuesday)?
     
  4. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    You usually do not see it until the updated file runs for the first time after updating. A lot of windows files only run maybe once a day or every few days. Some files may be several days sometimes before they run for the first time after updating, hence the delayed notice. A lot of windows files run on demand basis which means until you do something that causes them to run.
     
  5. Tyfelt

    Tyfelt Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    31
    I have rebooted a good few times since then however, and surely taskhost.exe gets run with each reboot at the least. Not trying to be difficult here, just understand the process.
     
  6. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    The only thing I can tell you for sure is if you are on Win 8 Pro x64, that file did not update. Windows Update varies by OS so for any other OS I am not sure. I went back and checked my logs on changed OS files and on my system it did not update this time. Go to the file and check the properties and see if it is signed by Microsoft. If it is then check it with VirusTotal. Those two things should let you know whether to let it run or not.
     
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    Good info here.
    http://www.ghacks.net/2010/05/12/taskhost-exe-process-explained/
     
  8. puff-m-d

    puff-m-d Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    4,451
    Location:
    North Carolina, USA
    Thanks for that link ronjor, good information there!
     
  9. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    A time and date of the modification in the warning message would be helpful too.

    Was the warning message clicked for more info?
     
  10. Tyfelt

    Tyfelt Registered Member

    Joined:
    Jun 6, 2010
    Posts:
    31
    Thank you both for your replies. Interestingly, I found that I made a post with the exact same issue in 2011 (that I had forgotten about completely) that seemed to also be related to a Windows update.

    https://www.wilderssecurity.com/showthread.php?t=293642

    There was no other info in the ESET warning message, just the generic text.
     
  11. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California
Thread Status:
Not open for further replies.