Tetranitrocubane (Posted February 8)

I've run Process Explorer every single day for the last several years. It's the first program I launch on startup - ESET has never had an issue with it. Today it detected Process Explorer as malware for some startling reason.

It's flagging a file "PROCEXP152.SYS", which I do not see at the location it specifies. I had to select "Clean" or "Ignore" so I selected "Clean" with the option to copy to quarantine selected - No file showed up in quarantine. It also specifies that this file was being accessed by Procexp64.exe - A file I purposefully launched. VT scan of Procexp64.exe turns it up clean.

Can anyone help determine if this is a legitimate threat, or a false positive?

Tetranitrocubane (Author, Posted February 8)

So, updating Process Explorer alleviated this issue - The latest version doesn't cause this issue with ESET. I gather this is because the older version of PROCEXP152.SYS was vulnerable.

Does the fact that the vulnerable driver was running previously, before ESET alerted me, mean that my system is compromised?

Marcos (Administrators, Posted February 8)

2 hours ago, Tetranitrocubane said:
> So, updating Process Explorer alleviated this issue - The latest version doesn't cause this issue with ESET. I gather this is because the older version of PROCEXP152.SYS was vulnerable. Does the fact that the vulnerable driver was running previously, before ESET alerted me, mean that my system is compromised?

No, your system is not compromised. The driver can be exploited by malware. In such a case, the driver would very likely be in a different folder than that with the Process Explorer executable.

Tetranitrocubane (Author, Posted February 8)

Thanks much, Marcos. I appreciate your help and reassurance. I've updated the program and deleted the old one, so hopefully the vulnerability is eliminated.

Out of curiosity, a cursory search of the forums after my post reveals that this has been an issue that others have encountered months ago - For some reason I only had this happen to me today, despite keeping ESET up to date for the last few years. I also launch Process Explorer with Admin privileges first thing on every boot.

Is there a reason why this detection would occur so late for me? I haven't changed any options in ESET recently. I'm concerned that something else might be compromising ESET's effectiveness.

Marcos (Administrators, Posted February 8)

I assume it could be because it was not a newly created file signed by Microsoft.