AndresQ 0 Posted June 13, 2022 Posted June 13, 2022 Hi, im getting this alarm on enterprise inspector. Process execution from suspicious location (execution flow hijacking) [E0422] Triggering process System: mousocoreworker.exe Username nt authority\system im new to this console, can someone kindly explain me what this is about thanks
Administrators Marcos 5,450 Posted June 13, 2022 Administrators Posted June 13, 2022 What is the path to mousocoreworker.exe? It's normally located in c:\windows\system32 and %WINDIR%\uus\amd64 on Windows 11 according to the rule. Since the rule was triggered, the file was likely run from another non-standard location. AndresQ 1
AndresQ 0 Posted June 13, 2022 Author Posted June 13, 2022 Hi Marcos, thanks for the response. Acording to this the path is the following Path: %WINDIR%\uus\amd64\ any idea why this is triggering an alert? ive been watching the logs and it appears that this alert has been going for a couple months now.
Recommended Posts