Author Topic: Proc.Run.PE - false positive?  (Read 934 times)

0 Members and 1 Guest are viewing this topic.

January 28, 2018, 03:29:14 am

cinder

  • Newbie

  • Offline
  • *

  • 14
  • Reputation:
    0
    • View Profile
Proc.Run.PE - false positive?
« on: January 28, 2018, 03:29:14 am »
Hi team,

Could you please let me know if this is a false positive? I am getting '[6692] svchost.exe; C:\Windows\System32\scvhost.exe'

I read another thread where you addressed this and I downloaded Process Explorer and I found process 6692, however it was listed as Google Chrome. There were many instances of svchost.exe so I did not know which to create the dump file.

Any help please?

Thanks.

Reply #1January 28, 2018, 02:20:07 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2077
  • Reputation:
    76
    • View Profile
Re: Proc.Run.PE - false positive?
« Reply #1 on: January 28, 2018, 02:20:07 pm »
Hi cinder,

Please reboot your computer and redo a scan. Don't delete/terminate anything.
Then, please post the JSON scan report with your next reply.

Regards.

Reply #2January 29, 2018, 12:19:25 am

cinder

  • Newbie

  • Offline
  • *

  • 14
  • Reputation:
    0
    • View Profile
Re: Proc.Run.PE - false positive?
« Reply #2 on: January 29, 2018, 12:19:25 am »
Hi Curson,

I did this and the scan was fine. All ok then?

Thanks.

Reply #3January 29, 2018, 08:44:13 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2077
  • Reputation:
    76
    • View Profile
Re: Proc.Run.PE - false positive?
« Reply #3 on: January 29, 2018, 08:44:13 pm »
Hi cinder,

Yes. A svchost process had propably crashed and had to be relanched.
Please post again if the issue still happens.

Regards.

Reply #4January 29, 2018, 11:13:51 pm

cinder

  • Newbie

  • Offline
  • *

  • 14
  • Reputation:
    0
    • View Profile
Re: Proc.Run.PE - false positive?
« Reply #4 on: January 29, 2018, 11:13:51 pm »
No worries, thanks for the help!

Reply #5January 30, 2018, 01:35:07 pm

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2077
  • Reputation:
    76
    • View Profile
Re: Proc.Run.PE - false positive?
« Reply #5 on: January 30, 2018, 01:35:07 pm »
Hi cinder,

You are very welcome.

Regards.