CONHOST.EXE

uccellini · ‎04-02-2010

I keep getting alerts for unauthorized access from CONHOST.EXE

and while installing windows updates a program tried to install adobe flash player on my pc

Actor: C:\WINDOWS\SYSTEM32\CONHOST.EXE

Target : \Device\HardDiskVolume2\ProgramFiles(x86)\Norton Internet Security\Engine\17.5.0.127\CLTLMH.EXE

Target PID: 3312

Action: Access Process Data

Reaction: Unauthorized access logged

Also, is there an easier way to report these events?

And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

thanks

3play · ‎01-21-2010

uccellini wrote:
I keep getting alerts for unauthorized access from CONHOST.EXE

Actor: C:\WINDOWS\SYSTEM32\CONHOST.EXE

Hello ! This must be a legitimate Microsoft Windows process . Have a look here:
http://www.howtogeek.com/howto/4996/what-is-conhost.exe-and-why-is-it-running/

Using Windows Explorer (Computer) , navigate to C:\Windows\system32\ and find conhost.exe
Right click it and press "Norton File Insight and you should see something like this (a.k.a Microsoft signature and Norton Trusted File)

If so , don't worry , the entries for unauthorized access are legitimate . They come from the Norton Tamper protection when something tries to access a file or entrie that belongs to Norton.

And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

Yes , but Micorosoft's MSRT is not that important if your Norton is working fine.

Phil_D · ‎06-10-2008

3play wrote:
And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

Yes , but Micorosoft's MSRT is not that important if your Norton is working fine.

I have never had any issues with the Windows Malicious Software Removal Tool (released with the monthly update) causing a conflict with NIS 2010.

Norton 360 • Norton Internet Security • Norton Zone | XP SP3 • Windows 7 Professional SP1 x64
• PLEASE, BACKUP or EXPORT your Identity Safe Data on a regular basis •

SendOfJive · ‎02-07-2009

As 3play indicates, this is a logged Norton Product Tamper Protection event and is not anything to be concerned about. The Malicious Software Removal Tool does not conflict with Norton.. Indeed Microsoft recommends the use of an antivirus program along with MSRT, since the latter is not intended to prevent infection.

3play · ‎01-21-2010

Phil_D wrote:
3play wrote:
And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

Yes , but Micorosoft's MSRT is not that important if your Norton is working fine.
I have never had any issues with the Windows Malicious Software Removal Tool (released with the monthly update) causing a conflict with NIS 2010.

I am sorry . It is a typo . Still a bit dizzy from yesterday's holiday (Eastern) . The actual answer is NO. Microsoft's MSRT (KB890830) will not conflict with any antivirus including Norton.

uccellini · ‎04-02-2010

Thanks guys, I know viruses like to mimic legitimate file names and this one came up as all caps when the actual file was lowercase, just seemed suspicious.

3play · ‎01-21-2010

uccellini wrote:
Thanks guys

(...)

this one came up as all caps when the actual file was lowercase, just seemed suspicious.

You are welcome !

Just for your information , in one place (directory / folder) there cannot be two or more files with the same name - one in lowercase and one in uppercase . For example in C:\Windows\system32\

there can't be CONHOST.EXE and conhost.exe

It doesn't matter if the name is in uppercase or lowercase.

The same goes for email addresses and websites. WWW.SYMANTEC.COM OR NAME@SYMANTEC.COM is the same as www.symantec.com and name@symantec.com