AndresQ 0 Posted June 13 Share Posted June 13 Hi, im getting this alarm on enterprise inspector. Process execution from suspicious location (execution flow hijacking) [E0422] Triggering process System: mousocoreworker.exe Username nt authority\system im new to this console, can someone kindly explain me what this is about thanks Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,244 Posted June 13 Administrators Share Posted June 13 What is the path to mousocoreworker.exe? It's normally located in c:\windows\system32 and %WINDIR%\uus\amd64 on Windows 11 according to the rule. Since the rule was triggered, the file was likely run from another non-standard location. AndresQ 1 Quote Link to comment Share on other sites More sharing options...
AndresQ 0 Posted June 13 Author Share Posted June 13 Hi Marcos, thanks for the response. Acording to this the path is the following Path: %WINDIR%\uus\amd64\ any idea why this is triggering an alert? ive been watching the logs and it appears that this alert has been going for a couple months now. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.