To Customer Support To Customer Support
Solved

about netsh.exe

  • 24 January 2019
  • 12 replies
  • 727 views
The_Count
Rank
Badge +3
Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could be just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?

https://www.file.net/process/netsh.exe.html



icon

Best answer by TripleHelix 24 January 2019, 03:19

View original
1 Attachment
1. Ah ah ah ah. 2. ah ah ah 3. ah ah ah

12 replies

B
Rank
Um, are your Webroot Advanced Settings at Default?
TripleHelix
Rank
Userlevel 7
Badge +63
Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could be just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?

https://www.file.net/process/netsh.exe.html




Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,
Daniel - Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station"
The_Count
Rank
Badge +3
Um, are your Webroot Advanced Settings at Default?

I have changed around the settings so that the Heuristics are more discriminating, and maybe a few others, too.
1. Ah ah ah ah. 2. ah ah ah 3. ah ah ah
The_Count
Rank
Badge +3
Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,


Thank you for the confirmation, Triple. I'll keep my eyes on it. 🙂
1. Ah ah ah ah. 2. ah ah ah 3. ah ah ah
TripleHelix
Rank
Userlevel 7
Badge +63

Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,
Thank you for the confirmation, Triple. I'll keep my eyes on it. :)
Sure thing! 😉

Cheers,
Daniel - Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station"
B
Rank

Um, are your Webroot Advanced Settings at Default?I have changed around the settings so that the Heuristics are more discriminating, and maybe a few others, too.
I suspect that's why you saw prompt.
Just me. Just saying.
Regards
AdamCMorgan
Rank
Userlevel 4
Badge +16
We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic,and net. Nothing to worry about - they're being invoked by other programs.

Adam
NOC Engineer, Webroot SME
B
Rank
We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic,and net. Nothing to worry about - they're being invoked by other programs.
Are your Advanced Settings at Default.
Webroot Advanced Settings not at Default creates chatty Logs (credit Support Team).
TripleHelix
Rank
Userlevel 7
Badge +63

We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic,and net. Nothing to worry about - they're being invoked by other programs.Are your Advanced Settings at Default.
Webroot Advanced Settings not at Default creates chatty Logs.
Not here since the beginning of WSA! Max.... The only thing if one uses not well known programs like I do I just ask support to whitelist my unknown files even when they are updated.

Daniel - Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station"
TripleHelix
Rank
Userlevel 7
Badge +63
Nothing is being Monitored on my system!

Daniel - Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station"
B
Rank
To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
(credit Support Team)
TripleHelix
Rank
Userlevel 7
Badge +63
To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
source Support
Sorry I disagree and let the OP contact Support like I suggested and they will tell him what to do. 💩
Daniel - Windows 10 Pro x64 for Workstations 22H2 on my Alienware 17R2 and Alienware 17R5 Laptops with Webroot SecureAnywhere Complete Beta Tester for PC & Android Moto G9 Plus OS 11. "Take Them to the Train Station"

Reply


Terms & Conditions

© 2004 - Webroot Inc.

We have recently updated our Privacy Policies. We encourage you to read the full terms here.