AndresQ 0 Posted June 13, 2022 Share Posted June 13, 2022 Hi, im getting this alarm on enterprise inspector. Process execution from suspicious location (execution flow hijacking) [E0422] Triggering process System: mousocoreworker.exe Username nt authority\system im new to this console, can someone kindly explain me what this is about thanks Link to comment Share on other sites More sharing options...
Administrators Marcos 4,552 Posted June 13, 2022 Administrators Share Posted June 13, 2022 What is the path to mousocoreworker.exe? It's normally located in c:\windows\system32 and %WINDIR%\uus\amd64 on Windows 11 according to the rule. Since the rule was triggered, the file was likely run from another non-standard location. AndresQ 1 Link to comment Share on other sites More sharing options...
AndresQ 0 Posted June 13, 2022 Author Share Posted June 13, 2022 Hi Marcos, thanks for the response. Acording to this the path is the following Path: %WINDIR%\uus\amd64\ any idea why this is triggering an alert? ive been watching the logs and it appears that this alert has been going for a couple months now. Link to comment Share on other sites More sharing options...
Recommended Posts