• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs

Not what you are looking for? Ask the experts!

Kudos0

CONHOST.EXE

I keep getting alerts for unauthorized access from CONHOST.EXE

and while installing windows updates a program tried to install adobe flash player on my pc

Actor: C:\WINDOWS\SYSTEM32\CONHOST.EXE

Target : \Device\HardDiskVolume2\ProgramFiles(x86)\Norton Internet Security\Engine\17.5.0.127\CLTLMH.EXE

Target PID: 3312

Action: Access Process Data

Reaction: Unauthorized access logged

Also, is there an easier way to report these events?

And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

thanks

Replies

Kudos0

Re: CONHOST.EXE


uccellini wrote:

I keep getting alerts for unauthorized access from CONHOST.EXE

 

Actor: C:\WINDOWS\SYSTEM32\CONHOST.EXE

 Hello ! This must be a legitimate Microsoft Windows process . Have a look here:

http://www.howtogeek.com/howto/4996/what-is-conhost.exe-and-why-is-it-running/

Using Windows Explorer (Computer) , navigate to C:\Windows\system32\ and find conhost.exe

Right click it and press "Norton File Insight and you should see something like this (a.k.a Microsoft signature and Norton Trusted File)

If so , don't worry , the entries for unauthorized access are legitimate . They come from the Norton Tamper protection when something tries to access a file or entrie that belongs to Norton.

And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

 Yes , but Micorosoft's MSRT is not that important if your Norton is working fine.


Kudos0

Re: CONHOST.EXE


3play wrote:
And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

  Yes , but Micorosoft's MSRT is not that important if your Norton is working fine.


I have never had any issues with the Windows Malicious Software Removal Tool (released with the monthly update) causing a conflict with NIS 2010.

"Anyone who isn't confused really doesn't understand the situation."   Edward R. Murrow
Kudos0

Re: CONHOST.EXE

As 3play indicates, this is a logged Norton Product Tamper Protection event and is not anything to be concerned about.  The Malicious Software Removal Tool does not conflict with Norton..  Indeed Microsoft recommends the use of an antivirus program along with MSRT, since the latter is not intended to prevent infection.

Kudos0

Re: CONHOST.EXE


Phil_D wrote:

3play wrote:
And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

  Yes , but Micorosoft's MSRT is not that important if your Norton is working fine.


I have never had any issues with the Windows Malicious Software Removal Tool (released with the monthly update) causing a conflict with NIS 2010.


I am sorry . It is a typo . Still a bit dizzy from yesterday's holiday (Eastern) .  The actual answer is NO. Microsoft's MSRT (KB890830) will not conflict with any antivirus including Norton.

Kudos0

Re: CONHOST.EXE

Thanks guys, I know viruses like to mimic legitimate file names and this one came up as all caps when the actual file was lowercase, just seemed suspicious.

Kudos0

Re: CONHOST.EXE


uccellini wrote:

Thanks guys

(...)

 this one came up as all caps when the actual file was lowercase, just seemed suspicious.


You are welcome !

Just for your information , in one place (directory / folder) there cannot be two or more files with the same name - one in lowercase and one in uppercase . For example in C:\Windows\system32\

there can't be CONHOST.EXE and conhost.exe

It doesn't matter if the name is in uppercase or lowercase.

The same goes for email addresses and websites.  WWW.SYMANTEC.COM OR NAME@SYMANTEC.COM  is the same as www.symantec.com and name@symantec.com

Replies are locked for this thread.