itman 1,510 Posted February 14 Share Posted February 14 Today I was running just issued Win 10 Feb. cumulative update. Malicious Software Remover tool is running. Eset displays popup that MRT.exe is accessing a PUA. Popup options are clean or ignore. I select clean option. Well folks, it turns out Eset is now detecting Process Explorer's driver as a PUA: Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 2/14/2023 4:27:25 PM;Real-time file system protection;file;C:\Windows\System32\drivers\PROCEXP152.SYS;Win64/ProcessExplorer.B potentially unsafe application;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred during an attempt to access the file by the application: C:\Windows\System32\MRT.exe (372516C8F7462A5C6B46F4D44B4EB5BED9FE1378).;BC47E15537FA7C32DFEFD23168D7E1741F8477ED;6/28/2022 12:26:43 PM Luckily, this wasn't a critical OS driver that was deleted. Eset, an explanation on this activity please. Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.