Jump to content

Is Svchost.exe malware?


Go to solution Solved by kevinf80,

Recommended Posts

Hello! Firstly long time no see on here! So I got a random alert from Windows Defender that it prevented “Svchost.exe” from making changes to a file, is this a false positive or is this genuinely a threat? Windows defender definitely has the most false positives out of any anti-virus I have used so I’m definitely curious.

Edited by Hyperwolf122
Misread
Link to post
Share on other sites

  • Hyperwolf122 changed the title to Is Svchost.exe malware?

Hiya Hyperwolf122,

Your screenshot indicates Controlled Folder Access triggered the block to Svchost.exe from making changes to memory.

Svchost.exe is also known as the Service Host process, it is responsible for hosting various service processes. There are many of Windows services running in the background, also possibly some 3rd party service processes. If your PC is definitely infected it would probably be a 3rd party process causing the problem.

I have just upgraded to Windows 11, Controlled Folder Access is currently disabled; I assume by default. I do not believe it was enabled in Windows 10 either. As for why you are seeing these messages, it is because your Controlled Folder Access setting is enabled. This is possibly happening because one of the svchost processes may be host to a 3rd party service, which Windows Security is suspicious of.

Lets run a diagnostic scan to check your system further..

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status... If English is not your primary language Right click on FRST/FRST64 and rename FRSTEnglish/FRST64English

 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The tool will also make a log named (Addition.txt) Please also attach that log to your reply.


Thank you,

Kevin
 
  • Thanks 1
Link to post
Share on other sites

  • Solution

Hello Hyperwolf122,

Your logs are clean, no signs of Malware or Infection. Your current problem is because  Controlled Folder Access is enabled, hence the alerts you are seeing...

The default setting for Controlled Folder Access is OFF, having it on will make your system more secure but can also cause a lot of ambiguity. My setting is current set to OFF, I did not change that setting, it came that way when I upgraded to Windows 11. I can also confirm it was also that way when I upgraded from Windows 7 to Windows 10...

My advice would be to disable Controlled Folder Access, obviously that choice is yours to make. Have a read at the following links:

https://support.microsoft.com/en-us/windows/allow-an-app-to-access-controlled-folders-b5b6627a-b008-2ca2-7931-7e51e912b034

https://www.tenforums.com/tutorials/113380-how-enable-disable-controlled-folder-access-windows-10-a.html

https://www.howtogeek.com/329532/how-to-protect-your-files-from-ransomware-with-windows-defenders-controlled-folder-access/

Let me know your thoughts...

Regards,

Kevin.

 

  • Thanks 1
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Please review the following to help you better protect your computer and privacy Tips to help protect from infection

Thank you

 

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.