I have been experiencing several Windows Defender detections like the one below where, every single time I trace the process PID in the Defender event, it traces back to one of the Malwarebytes ig.exe processes. I understand that process IDs get reused, but I have seen this occurring on several systems and the PID always ties back to an ig-#.exe process. I have also checked the hashes and they are all digitally signed with 0 detections, and this is occurring with different Security intelligence versions.
Is anyone else experiencing this?
Example process names:
C:\Program Files\Malwarebytes\Anti-Malware\ig-17.exe
C:\Program Files\Malwarebytes\Anti-Malware\ig-5.exe
C:\Program Files\Malwarebytes\Anti-Malware\ig-19.exe
Example event:
Name: Behavior:Win32/PowEmotet.SB
ID: 2147805329
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:5276:82135149762278; process:_pid:5276,ProcessStart:132827990610065328
Detection Origin: Unknown
Detection Type: Concrete
Detection Source: System
User:
Process Name: Unknown
Action: Not Applicable
Action Status: No additional actions required
Error Code: 0x00000000
Error description: The operation completed successfully.
Security intelligence Version: AV: 1.353.2078.0, AS: 1.353.2078.0, NIS: 1.353.2078.0
Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4
Hash & VT results:
https://www.virustotal.com/gui/file/6170b82019bee18ba159d967336a671fcf31f66aad00c90e8ae892046810020a
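
An added example, not part of the original post: the Path field of the event carries a ProcessStart value next to the PID, so a PID match can be checked against process-creation time to rule out PID reuse. It assumes ProcessStart is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC); the process records and image paths are constructed placeholders, and `parse_defender_path` and `match_process` are hypothetical helper names.

```python
import re
from datetime import datetime, timedelta, timezone

UTC = timezone.utc
# Assumption: ProcessStart is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=UTC)
PATH_RE = re.compile(r"process:_pid:(\d+),ProcessStart:(\d+)")

# Path field copied from the event in the post.
EVENT_PATH = ("behavior:_pid:5276:82135149762278; "
              "process:_pid:5276,ProcessStart:132827990610065328")

# Constructed process-creation records, as they might be exported from
# process-creation auditing. Image paths are placeholders, not findings.
RECORDS = [
    {"pid": 5276, "image": r"C:\example\first.exe",
     "created": datetime(2021, 12, 1, 2, 24, 21, tzinfo=UTC)},
    {"pid": 5276, "image": r"C:\example\second.exe",   # same PID, reused later
     "created": datetime(2021, 12, 1, 9, 0, 0, tzinfo=UTC)},
    {"pid": 4100, "image": r"C:\example\third.exe",
     "created": datetime(2021, 12, 1, 2, 24, 21, tzinfo=UTC)},
]


def parse_defender_path(path):
    """Return (pid, start time in UTC) from a Defender behavior Path field."""
    m = PATH_RE.search(path)
    if m is None:
        raise ValueError("no process:_pid/ProcessStart pair in Path field")
    pid, filetime = int(m.group(1)), int(m.group(2))
    # FILETIME ticks are 100 ns; integer-divide by 10 to get microseconds.
    start = FILETIME_EPOCH + timedelta(microseconds=filetime // 10)
    return pid, start


def match_process(path, records, tolerance=timedelta(seconds=1)):
    """Keep only records whose PID and creation time both match the event."""
    pid, start = parse_defender_path(path)
    return [r for r in records
            if r["pid"] == pid and abs(r["created"] - start) <= tolerance]


if __name__ == "__main__":
    pid, start = parse_defender_path(EVENT_PATH)
    print(f"PID {pid} started {start.isoformat()}")
    for rec in match_process(EVENT_PATH, RECORDS):
        print("matching process:", rec["image"])
```

A record that shares the PID but not the start time is a later reuse of that PID and does not belong to the detection.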