Solved

about netsh.exe

  • 24 January 2019
  • 12 replies
  • 721 views

Okay. So my Webroot blocked a program and I wanted to know if it was legit. netsh.exe is a legit file IF it is located in the Windows\System32 folder, right? Well, this file appears in SysWOW64 so now I am feeling afraid because this could just be a malware file that's trying to slip under the radar by giving itself the appearance of being a legit system program. Am I being unnecessarily paranoid or do you guys think this is suspicious too?

https://www.file.net/process/netsh.exe.html




Best answer by TripleHelix 24 January 2019, 03:19


12 replies

To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
source Support

Sorry I disagree and let the OP contact Support like I suggested and they will tell him what to do. 💩
To ensure the best protection for your device please set the Firewall and Heuristics to default. These are pre-configured to best protect your device and should not be changed unless done so for a specific reason or for troubleshooting purposes.
(credit Support Team)
Nothing is being Monitored on my system!

We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic, and net. Nothing to worry about - they're being invoked by other programs.
Are your Advanced Settings at Default?
Webroot Advanced Settings not at Default creates chatty Logs.

Not here since the beginning of WSA! Max.... The only thing if one uses not well known programs like I do I just ask support to whitelist my unknown files even when they are updated.

We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic, and net. Nothing to worry about - they're being invoked by other programs.
Are your Advanced Settings at Default?
Webroot Advanced Settings not at Default creates chatty Logs (credit Support Team).
We aggregate info from WRLog.log on all our machines, and in any 7-day period there are many thousands of "Monitoring Process" lines for native Windows executables like cmd.exe & netsh.exe as well as netstat, rundll32, wmic, and net. Nothing to worry about - they're being invoked by other programs.

Adam

Um, are your Webroot Advanced Settings at Default?

I have changed around the settings so that the Heuristics are more discriminating, and maybe a few others, too.

I suspect that's why you saw the prompt.
Just me. Just saying.
Regards
Yes there is a netsh.exe in SysWOW64 so I would allow once and if it continues then Submit a Support Ticket and they will let you know for sure!


https://docs.microsoft.com/en-us/windows/desktop/winsock/netsh-exe

https://en.wikipedia.org/wiki/Netsh

Thanks,

Thank you for the confirmation, Triple. I'll keep my eyes on it. :)

Sure thing! 😉

Cheers,
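
A way to check the point confirmed above (a netsh.exe exists in both System32 and SysWOW64 on 64-bit Windows) without relying on the folder name alone. This is an added example, not part of the original thread; the function names `Test-SystemBinary` and `Find-MisplacedProcess` are hypothetical, and it assumes Windows PowerShell 5.1 or later.

```powershell
# Added example: verify the on-disk copies of a Windows system binary and
# flag running instances that were started from an unexpected directory.
function Test-SystemBinary {
    param([Parameter(Mandatory)][string]$Name)   # e.g. 'netsh.exe'

    # A 32-bit PowerShell on 64-bit Windows has System32 silently redirected
    # to SysWOW64; 'Sysnative' reaches the real 64-bit directory in that case.
    $native = if ([Environment]::Is64BitOperatingSystem -and
                  -not [Environment]::Is64BitProcess) { 'Sysnative' } else { 'System32' }
    $paths = @((Join-Path $env:WINDIR "$native\$Name"))
    if ([Environment]::Is64BitOperatingSystem) {
        $paths += Join-Path $env:WINDIR "SysWOW64\$Name"
    }

    foreach ($path in $paths) {
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
            [pscustomobject]@{ Path = $path; Present = $false }
            continue
        }
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        [pscustomobject]@{
            Path    = $path
            Present = $true
            Status  = $sig.Status                      # expect 'Valid'
            Signer  = $sig.SignerCertificate.Subject   # expect a Microsoft subject
            Company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            SHA256  = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        }
    }
}

function Find-MisplacedProcess {
    param([Parameter(Mandatory)][string]$Name)
    # Only the two system directories are treated as expected locations.
    $expected = 'System32', 'SysWOW64' |
        ForEach-Object { (Join-Path $env:WINDIR "$_\$Name").ToLowerInvariant() }
    Get-CimInstance Win32_Process -Filter "Name='$Name'" |
        Where-Object { $_.ExecutablePath -and
                       $expected -notcontains $_.ExecutablePath.ToLowerInvariant() } |
        Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine
}

Test-SystemBinary -Name 'netsh.exe' | Format-List
Find-MisplacedProcess -Name 'netsh.exe'
```

A copy whose status is not `Valid`, or a running netsh.exe listed by the second function, is the case worth sending to Support along with the reported path and hash.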