VSSVC.exe Protected

Discussion in 'Prevx Releases' started by PC_Fiddler, Jan 21, 2013.

Thread Status:
Not open for further replies.
  1. PC_Fiddler

    PC_Fiddler Registered Member

    Joined:
    Aug 18, 2012
    Posts:
    167
    Location:
    Yorkshire - UK
    This file (VSSVC.exe) is in C:\Windows\System32 & from my reading should be there, however it's just appeared in WSA in 'Protected Applications' as a single file. It's never been there before & the only change made to this PC in the last few days was the update of DropBox today - Any ideas why it's protected? Win7 64 Bit.

    It's not shown as unknown but in the scan log it does show as modified:

    Tue 22-01-2013 00:46:40.0749 Determination flags modified: c:\windows\sysnative\vssvc.exe - MD5: B60BA0BC31B0CB414593E169F6F21CC2, Size: 1600512 bytes, Flags: 00000000

    Though why the file would be modified at that time is unknown as the PC was idle?
     
    Last edited: Jan 21, 2013
  2. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
    I have this for the same file:

    [G] c:\windows\sysnative\vssvc.exe [MD5: B60BA0BC31B0CB414593E169F6F21CC2] [Flags: 00110000.2546]

    It's not in my Protected Applications list.
     
  3. PC_Fiddler

    PC_Fiddler Registered Member

    Joined:
    Aug 18, 2012
    Posts:
    167
    Location:
    Yorkshire - UK
    As I foolishly removed it from protection I've imaged the C:\ drive back to yesterday & will see if the file is modified again, I'm always suspicious of system files changing without good reason so I'll see what occurs :eek:
     
  4. PC_Fiddler

    PC_Fiddler Registered Member

    Joined:
    Aug 18, 2012
    Posts:
    167
    Location:
    Yorkshire - UK
    The problem hasn't occurred again so must have been a glitch somewhere? However it was most useful for WSA to show that the file had changed! And frequent images of your C:\ are IMHO essential for prevention of sleepless nights & infrequent usage of your Windows discs :argh:
     
    Last edited: Jan 25, 2013
  5. PrevxHelp

    PrevxHelp Former Prevx Moderator

    Joined:
    Sep 14, 2008
    Posts:
    8,242
    Location:
    USA/UK
    It could have been started by a protected application, which may add it to the list intentionally. As long as you're not seeing anything strange happening on your system, I wouldn't be worried :)
     
  6. PC_Fiddler

    PC_Fiddler Registered Member

    Joined:
    Aug 18, 2012
    Posts:
    167
    Location:
    Yorkshire - UK
    Thanks for that info, no there doesn't appear to be anything else amiss :D
     
Thread Status:
Not open for further replies.