Jump to content

Process execution from suspicious location (execution flow hijacking) [E0422]


Recommended Posts

Hi, im getting this alarm on enterprise inspector.

Process execution from suspicious location (execution flow hijacking) [E0422]

Triggering process
 
Username
nt authority\system
 
im new to this console, can someone kindly explain me what this is about
 
thanks
Link to comment
Share on other sites

  • Administrators

What is the path to mousocoreworker.exe? It's normally located in c:\windows\system32 and %WINDIR%\uus\amd64 on Windows 11 according to the rule. Since the rule was triggered, the file was likely run from another non-standard location.

Link to comment
Share on other sites

Hi Marcos, thanks for the response. Acording to this the path is the following

Path:     %WINDIR%\uus\amd64\

any idea why this is triggering an alert? ive been watching the logs and it appears that this alert has been going for a couple months now.

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...