Solved

about netsh.exe

  • 24 January 2019
  • 12 replies
  • 139 views

Badge +3
Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could be just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?

https://www.file.net/process/netsh.exe.html



icon

Best answer by TripleHelix 24 January 2019, 03:19

Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could be just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?

https://www.file.net/process/netsh.exe.html




Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,
View original

12 replies

Um, are your Webroot Advanced Settings at Default?
Userlevel 7
Badge +55
Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could be just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?

https://www.file.net/process/netsh.exe.html




Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,
Badge +3
Um, are your Webroot Advanced Settings at Default?

I have changed around the settings so that the Heuristics are more discriminating, and maybe a few others, too.
Badge +3
Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,



Thank you for the confirmation, Triple. I'll keep my eyes on it. 🙂
Userlevel 7
Badge +55

Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,

Thank you for the confirmation, Triple. I'll keep my eyes on it. :)

Sure thing! 😉

Cheers,

Um, are your Webroot Advanced Settings at Default?I have changed around the settings so that the Heuristics are more discriminating, and maybe a few others, too.

I suspect that's why you saw prompt.
Just me. Just saying.
Regards
Userlevel 4
Badge +16
We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic,and net. Nothing to worry about - they're being invoked by other programs.

Adam
We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic,and net. Nothing to worry about - they're being invoked by other programs.
Are your Advanced Settings at Default.
Webroot Advanced Settings not at Default creates chatty Logs (credit Support Team).
Userlevel 7
Badge +55

We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic,and net. Nothing to worry about - they're being invoked by other programs.Are your Advanced Settings at Default.
Webroot Advanced Settings not at Default creates chatty Logs.

Not here since the beginning of WSA! Max.... The only thing if one uses not well known programs like I do I just ask support to whitelist my unknown files even when they are updated.

Userlevel 7
Badge +55
Nothing is being Monitored on my system!

To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
(credit Support Team)
Userlevel 7
Badge +55
To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
source Support

Sorry I disagree and let the OP contact Support like I suggested and they will tell him what to do. 💩

Reply