Posted

I've run Process Explorer every single day for the last several years. It's the first program I launch on startup - ESET has never had an issue with it.

Today it detected Process Explorer as malware for some startling reason. It's flagging a file "PROCEXP152.SYS", which I do not see at the location it specifies. I had to select "Clean" or "Ignore" so I selected "Clean" with the option to copy to quarantine selected - No file showed up in quarantine.

It also specifies that this file was being accessed by Procexp64.exe - A file I purposefully launched. VT scan of Procexp64.exe turns it up clean.

Can anyone help determine if this is a legitimate threat, or a false positive?


Posted

So, updating Process Explorer alleviated this issue - The latest version doesn't cause this issue with ESET. I gather this is because the older version of PROCEXP152.SYS was vulnerable.

Does the fact that the vulnerable driver was running previously, before ESET alerted me, mean that my system is compromised?

  • Administrators
Posted
2 hours ago, Tetranitrocubane said:

So, updating Process Explorer alleviated this issue - The latest version doesn't cause this issue with ESET. I gather this is because the older version of PROCEXP152.SYS was vulnerable.

Does the fact that the vulnerable driver was running previously, before ESET alerted me, mean that my system is compromised?

No, your system is not compromised. The driver can be exploited by malware. In such a case, the driver would very likely be in a different folder than the one with the Process Explorer executable.

Posted

Thanks much, Marcos. I appreciate your help and reassurance. I've updated the program and deleted the old one, so hopefully the vulnerability is eliminated. 

Out of curiosity, a cursory search of the forums after my post reveals that this has been an issue that others have encountered months ago - For some reason I only had this happen to me today, despite keeping ESET up to date for the last few years. I also launch Process Explorer with Admin privileges first thing on every boot.

Is there a reason why this detection would occur so late for me? I haven't changed any options in ESET recently. I'm concerned that something else might be compromising ESET's effectiveness.

  • Administrators
Posted

I assume it could be because it was not a newly created file signed by Microsoft.
