False positive or legit? Esif_assist_64.exe

[Salenai]

hello, each time I run roguekiller in normal mode, it finds esif_assist_64.exe in C:/Windows/Temp/DPTF/ folder.

Detection is labeled as Suspicious.Path, and type is Process.

Each time I click on delete it does not get deleted, instead it gets "killed".

File shows up every time I boot computer and shows time of creation time I booted the computer.

Description of the file is: Intel (R) Dynamic Platform and Thermal Framework Utility Application.

File does not show up in the folder when I boot computer in safe mode, and neithet does it get detected by roguekiller. It gets detected only when I run it in normal mode.


I ran it through virustotal and it came in clean, however I checked the details and it shows all certificates as legit except the first one. Also, it specified it as a Portable execution file.

Is it legit? Thanks

[Salenai]

can plz anyone verify this to me?
I found out that file and folder was not present there after reinstall, but became once I updated windows.

[Curson]

Hi Salenai,

This item is legit.
Every process that is launched from any temporary folders is considered Suspicous by RogueKiller.
You can safely leave it alone.

Regards.

Note : This thread has been moved to the "RogueKiller" section for clarity.

[Salenai]

Thank you.

So I do not need to be concerned?
Has this file been tested by others and reported as suspicious?

Virus total,nor anything else found anything wrong with it. Roguekiller is only thing that found it to be suspicious. Virustotal found 0 viruses, but upon closer inspection I found expired main certificate.
 Intel (R) Software - Certificate Intel external basic issuing CA 3B.
It is expired certificate that expired on 7/15/2016.

Timestamp is however all right (which I heard it is most important?) along with other sub-certificates of the file.
There are also 2 more files in DPTF folder, something with name wwan and wlan, both have also expired first main certificate with same name while othet sub-certificates are ok.

I tried deleting folder, I cant. I tried cancelling process in task manager, I will kill process and at same moment it will start again, so it cannot be stopped.

[Curson]

Hi Salenai,

You are welcome.

So I do not need to be concerned?
Has this file been tested by others and reported as suspicious?

No, this file is safe.
Since malware process are often launched from temporary folders , RogueKiller flags every such process as Suspicious.

Virus total,nor anything else found anything wrong with it. Roguekiller is only thing that found it to be suspicious. Virustotal found 0 viruses, but upon closer inspection I found expired main certificate.
 Intel (R) Software - Certificate Intel external basic issuing CA 3B.
It is expired certificate that expired on 7/15/2016.

Timestamp is however all right (which I heard it is most important?) along with other sub-certificates of the file.
There are also 2 more files in DPTF folder, something with name wwan and wlan, both have also expired first main certificate with same name while othet sub-certificates are ok.

Expired certificates are indeed not really an issue

I tried deleting folder, I cant. I tried cancelling process in task manager, I will kill process and at same moment it will start again, so it cannot be stopped.

Temp folder is essential to Windows, don't delete it.
esif_assist_64.exe is likely monitored and automatically restarted.

Regards.