Solved

about netsh.exe


Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?

https://www.file.net/process/netsh.exe.html




Best answer by TripleHelix 24 January 2019, 03:19

The_Count wrote:

Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?

https://www.file.net/process/netsh.exe.html




Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,
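
Added example, not part of the original thread: on 64-bit Windows, SysWOW64 holds the 32-bit copies of system binaries, so a netsh.exe there is expected. This PowerShell sketch checks the Authenticode signature and hash of both stock copies and lists any running netsh.exe whose image path is somewhere else; the variable names are illustrative.

```powershell
# Added example: verify the two stock netsh.exe copies on 64-bit Windows.
# A 32-bit PowerShell sees System32 redirected to SysWOW64, so it must use
# the Sysnative alias to reach the real 64-bit directory.
$win = $env:WINDIR
$native = if ([Environment]::Is64BitOperatingSystem -and -not [Environment]::Is64BitProcess) {
    Join-Path $win 'Sysnative'
} else {
    Join-Path $win 'System32'
}
$expected = @(
    (Join-Path $native 'netsh.exe'),
    (Join-Path $win 'SysWOW64\netsh.exe')
)

$report = foreach ($path in $expected) {
    if (-not (Test-Path -LiteralPath $path)) {
        # SysWOW64 does not exist on 32-bit Windows; report it as absent.
        [pscustomobject]@{ Path = $path; Present = $false; Status = $null; Signer = $null; SHA256 = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    [pscustomobject]@{
        Path    = $path
        Present = $true
        Status  = $sig.Status   # 'Valid' is expected for an untampered OS binary
        Signer  = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}
$report | Format-List

# Running netsh.exe processes whose image is NOT one of the two stock paths.
# WMI reports the real path, so no Sysnative alias is needed here.
$allowed = @(
    (Join-Path $win 'System32\netsh.exe'),
    (Join-Path $win 'SysWOW64\netsh.exe')
)
Get-CimInstance Win32_Process -Filter "Name = 'netsh.exe'" |
    Where-Object { $_.ExecutablePath -and ($allowed -notcontains $_.ExecutablePath) } |
    Select-Object ProcessId, ParentProcessId, ExecutablePath
```

A `Status` other than `Valid`, a signer that is not Microsoft, or any row from the last query is the point at which submitting the file to the vendor's support, as suggested above, is warranted.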


12 replies

Um, are your Webroot Advanced Settings at Default?
bjm_ wrote:

Um, are your Webroot Advanced Settings at Default?



I have changed around the settings so that the Heuristics are more discriminating, and maybe a few others, too.
TripleHelix wrote:

Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,




Thank you for the confirmation, Triple. I'll keep my eyes on it. 🙂
The_Count wrote:


TripleHelix wrote:

Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,


Thank you for the confirmation, Triple. I'll keep my eyes on it. :)


Sure thing! 😉

Cheers,
The_Count wrote:


bjm_ wrote:

Um, are your Webroot Advanced Settings at Default?

I have changed around the settings so that the Heuristics are more discriminating, and maybe a few others, too.


I suspect that's why you saw prompt.
Just me. Just saying.
Regards
We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic, and net. Nothing to worry about - they're being invoked by other programs.

Adam
AdamCMorgan wrote:

We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic, and net. Nothing to worry about - they're being invoked by other programs.


Are your Advanced Settings at Default?
Webroot Advanced Settings not at Default creates chatty Logs (credit Support Team).
bjm_ wrote:


AdamCMorgan wrote:

We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic, and net. Nothing to worry about - they're being invoked by other programs.

Are your Advanced Settings at Default?
Webroot Advanced Settings not at Default creates chatty Logs.


Not here since the beginning of WSA! Max.... The only thing if one uses not well known programs like I do I just ask support to whitelist my unknown files even when they are updated.

Nothing is being Monitored on my system!

To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
(credit Support Team)
bjm_ wrote:

To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
source Support


Sorry I disagree and let the OP contact Support like I suggested and they will tell him what to do. 💩
