Not what you were looking for? Ask our experts!
Reply
Contributor
uccellini
Posts: 15
Registered: ‎04-02-2010

CONHOST.EXE

I keep getting alerts for unauthorized access from CONHOST.EXE

 

and while installing windows updates a program tried to install adobe flash player on my pc

 

Actor: C:\WINDOWS\SYSTEM32\CONHOST.EXE

 

Target : \Device\HardDiskVolume2\ProgramFiles(x86)\Norton Internet Security\Engine\17.5.0.127\CLTLMH.EXE

 

Target PID: 3312

 

Action: Access Process Data

 

Reaction: Unauthorized access logged

 

Also, is there an easier way to report these events?

 

And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

 

thanks

 

 

 

 

Super Spyware Scolder
3play
Posts: 236
Registered: ‎01-21-2010

Re: CONHOST.EXE

[ Edited ]

uccellini wrote:

I keep getting alerts for unauthorized access from CONHOST.EXE

 

Actor: C:\WINDOWS\SYSTEM32\CONHOST.EXE

 

 Hello ! This must be a legitimate Microsoft Windows process . Have a look here:

http://www.howtogeek.com/howto/4996/what-is-conhost.exe-and-why-is-it-running/

 

Using Windows Explorer (Computer) , navigate to C:\Windows\system32\ and find conhost.exe

Right click it and press "Norton File Insight and you should see something like this (a.k.a Microsoft signature and Norton Trusted File)

 

Capture.PNG

 

If so , don't worry , the entries for unauthorized access are legitimate . They come from the Norton Tamper protection when something tries to access a file or entrie that belongs to Norton.

 

And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

 

 

 Yes , but Micorosoft's MSRT is not that important if your Norton is working fine.

 

 


 

Phil_D
Posts: 7,648
Topics: 207
Kudos: 2,555
Solutions: 391
Registered: ‎06-10-2008

Re: CONHOST.EXE


3play wrote:
And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

 

  Yes , but Micorosoft's MSRT is not that important if your Norton is working fine.


I have never had any issues with the Windows Malicious Software Removal Tool (released with the monthly update) causing a conflict with NIS 2010.

Norton Internet Security • Comcast NSS • Norton Security Beta | XP SP3 • Windows 7 Professional SP1 x64
• PLEASE, BACKUP or EXPORT your Identity Safe Data on a regular basis •
"Anyone who isn't confused really doesn't understand the situation."  Edward R. Murrow

SendOfJive
Posts: 10,754
Kudos: 4,794
Solutions: 776
Registered: ‎02-07-2009

Re: CONHOST.EXE

As 3play indicates, this is a logged Norton Product Tamper Protection event and is not anything to be concerned about.  The Malicious Software Removal Tool does not conflict with Norton..  Indeed Microsoft recommends the use of an antivirus program along with MSRT, since the latter is not intended to prevent infection.

Super Spyware Scolder
3play
Posts: 236
Registered: ‎01-21-2010

Re: CONHOST.EXE

[ Edited ]

Phil_D wrote:

3play wrote:
And finally will Windows Malicious Software Reoval Tool conflict with NIS 2010?

 

  Yes , but Micorosoft's MSRT is not that important if your Norton is working fine.


I have never had any issues with the Windows Malicious Software Removal Tool (released with the monthly update) causing a conflict with NIS 2010.


 

I am sorry . It is a typo . Still a bit dizzy from yesterday's holiday (Eastern) . :smileytongue: The actual answer is NO. Microsoft's MSRT (KB890830) will not conflict with any antivirus including Norton.

Contributor
uccellini
Posts: 15
Registered: ‎04-02-2010

Re: CONHOST.EXE

Thanks guys, I know viruses like to mimic legitimate file names and this one came up as all caps when the actual file was lowercase, just seemed suspicious.

Super Spyware Scolder
3play
Posts: 236
Registered: ‎01-21-2010

Re: CONHOST.EXE


uccellini wrote:

Thanks guys

 

(...)

 

 this one came up as all caps when the actual file was lowercase, just seemed suspicious.


You are welcome !

 

Just for your information , in one place (directory / folder) there cannot be two or more files with the same name - one in lowercase and one in uppercase . For example in C:\Windows\system32\

there can't be CONHOST.EXE and conhost.exe

 

It doesn't matter if the name is in uppercase or lowercase.

 

The same goes for email addresses and websites.  WWW.SYMANTEC.COM OR NAME@SYMANTEC.COM  is the same as www.symantec.com and name@symantec.com