Process Explorer Being Detected as Malware


I've run Process Explorer every single day for the last several years. It's the first program I launch on startup - ESET has never had an issue with it.

Today it detected Process Explorer as malware for some startling reason. It's flagging a file "PROCEXP152.SYS", which I do not see at the location it specifies. I had to select "Clean" or "Ignore" so I selected "Clean" with the option to copy to quarantine selected - No file showed up in quarantine.

It also specifies that this file was being accessed by Procexp64.exe - A file I purposefully launched. VT scan of Procexp64.exe turns it up clean.

Can anyone help determine if this is a legitimate threat, or a false positive?


So, updating Process Explorer alleviated this issue - The latest version doesn't cause this issue with ESET. I gather this is because the older version of PROCEXP152.SYS was vulnerable.

Does the fact that the vulnerable driver was running previously, before ESET alerted me, mean that my system is compromised?


  • Administrators
2 hours ago, Tetranitrocubane said:

So, updating Process Explorer alleviated this issue - The latest version doesn't cause this issue with ESET. I gather this is because the older version of PROCEXP152.SYS was vulnerable.

Does the fact that the vulnerable driver was running previously, before ESET alerted me, mean that my system is compromised?

No, your system is not compromised. The driver can be exploited by malware. In such a case, the driver would very likely be in a different folder than the one with the Process Explorer executable.


Thanks much, Marcos. I appreciate your help and reassurance. I've updated the program and deleted the old one, so hopefully the vulnerability is eliminated. 

Out of curiosity, a cursory search of the forums after my post reveals that this has been an issue that others have encountered months ago - For some reason I only had this happen to me today, despite keeping ESET up to date for the last few years. I also launch Process Explorer with Admin privileges first thing on every boot.

Is there a reason why this detection would occur so late for me? I haven't changed any options in ESET recently. I'm concerned that something else might be compromising ESET's effectiveness.


  • Administrators

I assume it could be because it was not a newly created file signed by Microsoft.

