Taskhostw.exe, real threat or false positive?
Erwan031284
Posted messages
168
Registration date
Status
Membre
Last intervention
-
4D3LE -
4D3LE -
Hello,
today, my antivirus (BitDef) blocked a potentially malicious application:
taskhostw.exe (C:\Windows\System32\taskhostw.exe)
with the following command-line parameters:
C:\Windows\System32\taskhostw.exe -k
LocalServiceNetworkRestricted -p -s NgcCtnrSvc
Given its location, I suspect it's a Windows function,
that the detected threat is a "false positive" (suspicious behavior, but not a real threat).
My questions are as follows:
Why did my antivirus suddenly detect this executable as a potential threat?
What do the parameters of the command that launched this program correspond to? (I specify: I understand the principle of command-line parameters, I'm asking what these specifically correspond to)
Thank you for the clarifications.
--
Because notices don't say everything...
But not nothing either, right!
today, my antivirus (BitDef) blocked a potentially malicious application:
taskhostw.exe (C:\Windows\System32\taskhostw.exe)
with the following command-line parameters:
C:\Windows\System32\taskhostw.exe -k
LocalServiceNetworkRestricted -p -s NgcCtnrSvc
Given its location, I suspect it's a Windows function,
that the detected threat is a "false positive" (suspicious behavior, but not a real threat).
My questions are as follows:
Why did my antivirus suddenly detect this executable as a potential threat?
What do the parameters of the command that launched this program correspond to? (I specify: I understand the principle of command-line parameters, I'm asking what these specifically correspond to)
Thank you for the clarifications.
--
Because notices don't say everything...
But not nothing either, right!
1 réponse
Hi,
Yes, it's a false positive.
To check your computer for potential infections and get a general status of the system:
Follow the FRST tutorial by clicking on this blue link. ( take the time to read carefully - everything is well explained ).
Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.
Three FRST reports will be generated:
Send these 3 reports to the site https://pjjoint.malekal.com/ and in return give the 3 pjjoint links that lead to the reports here in a new response so that we can consult them.
(The blue links lead to step-by-step explanatory tutorials, click on them for more precise instructions to follow).
Yes, it's a false positive.
To check your computer for potential infections and get a general status of the system:
Follow the FRST tutorial by clicking on this blue link. ( take the time to read carefully - everything is well explained ).
Download and run the FRST scan,
Wait for the scan to finish, a message will indicate that the analysis is complete.
Three FRST reports will be generated:
- FRST.txt
- Shortcut.
- Additionnal.txt
Send these 3 reports to the site https://pjjoint.malekal.com/ and in return give the 3 pjjoint links that lead to the reports here in a new response so that we can consult them.
(The blue links lead to step-by-step explanatory tutorials, click on them for more precise instructions to follow).
what if it was patched?
See you!