Process explorer: no alert but warning in Event log

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

When I open Sysinternals Process Explorer, I do not get a desktop alert
popup, but I do get a warning log in System events:

Source: Windows Defender
Category: None
Event ID: 3004

Description (relevant extracts)

Windows defender Real-Time Protection agent has detected potential malware
Scan ID {6A42FDBA-1739-4BAF-AE8D-D18BCD63DB5D}
User: xxxxx (me)
Threat name: Unknown
Thread Id:
Threatr Severity:
Threat Category:
Path Found: service PROCEXP100
Threat Classification: Unknown
Detection Type:

In Software Explorer, running programs it shows Process Explorer as Not yet
classified.

I am not concerned about the warning event (which is expected for a not yet
classified app), but am very concerned that I got no popup, hence no real
time warning (I am not in the habit of looking at event logs as they appear,
only look there now and then). I know PE is legit, but the lack of a warning
popup could be very serious in other cases.

Also no chance to send to Spynet for a vote to get Process Explorer
recognised as legit.

Running another not yet classified app (Everest Ultimate) I did get a pop
up. Why not for PE??
 
Have you turned on the option to notify "When changes are detected from
software that has not yet been classified"?

By default, we don't show unknown software prompts, because we don't expect
the average user to know what a service is. However, you early adopters
aren't average. :)

Thanks for trying Windows Defender,
Joe
 
Thanks - that explains the user profile hive cleanup issue as well, I think.
I turned that on at home, but I'm gonna sit down and turn it on on servers
as well.
 
Yes, the option to notify for not yet classified is on. As I said, one not
yet classified app (Everest Ultimate) alerts, PE doesn't.
 
become a Advanced member of Microsoft spynet to be alerted. If your a basic
member of spynet you won't be alerted. post back if it works.
 
Hi balem

WD is "stone dead" for me.............

Downloaded latest SmartFTP and installed.

- Advanced member checked, also restarted.

- Nofity checked for both changed allowed and unknown.

"Not yet classified"......... No way to change it myself,
I do know that this IS SmartFtp ;)

This function is really important for proper RTP functionality without
definitione recognise.

Do you understand the purpose with all checkboxes for RTP settings
(agents) ? Seen any alerts ?

regards
plun
 
Back
Top