https://www.file.net/process/netsh.exe.html
Solved
about netsh.exe
+3Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could be just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?
https://www.file.net/process/netsh.exe.html
https://www.file.net/process/netsh.exe.html
Best answer by TripleHelix
The_Count wrote:
Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could be just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?
https://www.file.net/process/netsh.exe.html
https://www.file.net/process/netsh.exe.html
Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!
https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe
https://en.wikipedia.org/wiki/Netsh
Thanks,
1. Ah ah ah ah. 2. ah ah ah 3. ah ah ah
+63The_Count wrote:
Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could be just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?
https://www.file.net/process/netsh.exe.html
https://www.file.net/process/netsh.exe.html
Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!
https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe
https://en.wikipedia.org/wiki/Netsh
Thanks,
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
+3bjm_ wrote:
Um, are your Webroot Advanced Settings at Default?
I have changed around the settings so that the Heuristics are more discriminating, and maybe a few others, too.
+3TripleHelix wrote:
Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!
https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe
https://en.wikipedia.org/wiki/Netsh
Thanks,
https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe
https://en.wikipedia.org/wiki/Netsh
Thanks,
Thank you for the confirmation, Triple. I'll keep my eyes on it. 🙂
1. Ah ah ah ah. 2. ah ah ah 3. ah ah ah
+63The_Count wrote:
TripleHelix wrote:
Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!
https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe
https://en.wikipedia.org/wiki/Netsh
Thanks,
https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe
https://en.wikipedia.org/wiki/Netsh
Thanks,
Thank you for the confirmation, Triple. I'll keep my eyes on it. :)
Sure thing! 😉
Cheers,
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
1 person likes this
The_Count wrote:
bjm_ wrote:
Um, are your Webroot Advanced Settings at Default?
I suspect that's why you saw prompt.
Just me. Just saying.
Regards
1 person likes this
+16We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic,and net. Nothing to worry about - they're being invoked by other programs.
Adam
Adam
AdamCMorgan wrote:
We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic,and net. Nothing to worry about - they're being invoked by other programs.
Are your Advanced Settings at Default.
Webroot Advanced Settings not at Default creates chatty Logs (credit Support Team).
+63bjm_ wrote:
AdamCMorgan wrote:
We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic,and net. Nothing to worry about - they're being invoked by other programs.
Webroot Advanced Settings not at Default creates chatty Logs.
Not here since the beginning of WSA! Max.... The only thing if one uses not well known programs like I do I just ask support to whitelist my unknown files even when they are updated.
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
1 person likes this
+63Nothing is being Monitored on my system!
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
1 person likes this
To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
(credit Support Team)
(credit Support Team)
+63bjm_ wrote:
To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
source Support
source Support
Sorry I disagree and let the OP contact Support like I suggested and they will tell him what to do. 💩
Daniel - Microsoft MVP Consumer Security (2012-2016) Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station" ¯\_(ツ)_/¯
1 person likes this
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.