Jump to content

Process execution from suspicious location (execution flow hijacking) [E0422]

AndresQ
 Share

Recommended Posts

AndresQ

AndresQ 0

Posted
Posted

Hi, im getting this alarm on enterprise inspector.

Process execution from suspicious location (execution flow hijacking) [E0422]

Triggering process
 
Username
nt authority\system
 
im new to this console, can someone kindly explain me what this is about
 
thanks
Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,074

Posted
  • Administrators
Posted

What is the path to mousocoreworker.exe? It's normally located in c:\windows\system32 and %WINDIR%\uus\amd64 on Windows 11 according to the rule. Since the rule was triggered, the file was likely run from another non-standard location.

Link to comment
Share on other sites
AndresQ

AndresQ 0

Posted
  • Author
Posted

Hi Marcos, thanks for the response. Acording to this the path is the following

Path:     %WINDIR%\uus\amd64\

any idea why this is triggering an alert? ive been watching the logs and it appears that this alert has been going for a couple months now.

 

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...