Hidden process since last Windows update


  1. Posts : 49
    Windows 7 Professional x64
       #1


    This is a thread addressed to security experts willing to help.

    Ever since I installed the latest Windows security updates, my firewall has been detecting a hidden process acting as a medium when I try to go online with some applications. I call it a hidden process because my firewall is unable to tell the app name and its location, which is quite unusual.

    If I refuse internet access to that hidden process, then certain applications fail to go online.

    This is quite worrying because it happens with an encrypted sandbox and encrypted OpenOffice documents. So since the latest Windows update, both VirtualBox and OpenOffice can no longer go online without that hidden process acting as a medium.

    Could somebody give me indications about how I could identify that process? My system is Win 7 x64 SP1 up to date and nothing was detected by a full scan from a leading antivirus software.


  2. Posts : 214
    W7 Prof 64 bit
       #2

    Maybe Microsoft's Process Explorer can help you.

    Process Explorer


  3. Posts : 49
    Windows 7 Professional x64
    Thread Starter
       #3

    I wish it was that easy, but I wouldn't need to post about it then.

    The process is completely hidden from regular tools; it is probably located in the RAM and encrypted. I will need something a lot more advanced to identify it.


  4. Posts : 1,049
    Windows 7 Pro 32
       #4

    Does the firewall log not even show a Process ID?


  5. Posts : 49
    Windows 7 Professional x64
    Thread Starter
       #5

    Log of the process

    U/D#: U-44941
    Date: 25/11/14,19:13:07
    Rule: APP: Blocked
    Type: EXE
    Address/Application: ?
    Compliment: UNKNOWN


  6. Posts : 1,049
    Windows 7 Pro 32
       #6

    And if you compare that to a log entry for another not "hidden" file, can you see the PID?

    Don't know what firewall you have but Windows Firewall that I use shows a blocked connection like this:
    Hidden process since last Windows update-fwblock.png
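
The PID question raised in posts #4 and #6 can be answered without relying on the firewall's own log. The following is an added example, not part of the original thread and not posted by any participant: a PowerShell 2.0-compatible snippet that joins `netstat -ano` output with WMI's `Win32_Process` so every socket is listed with its owning PID and image path. It assumes an elevated prompt; the output column names and the `<exited>` / `<no path>` markers are my own choice.

```powershell
# Added example: list every TCP/UDP socket with its owning PID and image path.
# Uses only netstat and WMI, both available on Windows 7 (PowerShell 2.0).

# Build a PID -> process lookup once. ExecutablePath is empty for the System
# process (PID 4) and for processes the current account may not open.
$procs = @{}
Get-WmiObject Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

$rows = netstat -ano | ForEach-Object {
    # TCP rows: proto, local, remote, state, PID. UDP rows have no state column.
    if ($_ -match '^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$') {
        $owner = [int]$Matches[5]
        $p     = $procs[$owner]

        # Defaults cover a process that exited between the two snapshots
        # and a process whose image path cannot be read.
        $name = '<exited>'
        $path = '<no path>'
        if ($p) {
            $name = $p.Name
            if ($p.ExecutablePath) { $path = $p.ExecutablePath }
        }

        New-Object PSObject -Property @{
            Proto     = $Matches[1]
            Local     = $Matches[2]
            Remote    = $Matches[3]
            State     = $Matches[4]
            OwnerPid  = $owner
            Name      = $name
            Path      = $path
        }
    }
}

# Full table, then only the sockets whose owner has no readable image path:
# those are the entries a name-based firewall log cannot label.
$rows | Sort-Object OwnerPid |
    Format-Table OwnerPid, Name, Proto, State, Local, Remote, Path -AutoSize
$rows | Where-Object { $_.Path -eq '<no path>' } |
    Format-Table OwnerPid, Name, Proto, State, Local, Remote -AutoSize
```

Running it once while the firewall prompt is on screen and once afterwards makes it easy to see which PID owns the connection in question.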


  7. Posts : 49
    Windows 7 Professional x64
    Thread Starter
       #7

    I have a very basic firewall; no, it does not show the process ID, unfortunately, but it does its firewall job with high reliability, and unlike other "advanced" firewalls such as Comodo, it has never failed to prevent an app from going online.


  8. Posts : 1,049
    Windows 7 Pro 32
       #8

    Then IMHO it's not a good firewall. Detailed logs are as important as the functionality in my world, especially for firewalls.

    I suggest you scan with other products, for example Malwarebytes | Free Anti-Malware Detection & Removal Software and the more aggressive https://security.symantec.com/nbrt/npe.aspx
       Warning
    Norton Power Eraser is known for showing many false positives!


  9. Posts : 49
    Windows 7 Professional x64
    Thread Starter
       #9

    I doubt an antivirus is going to help; I have already tried that. First I'm going to uninstall the Windows security updates one by one to identify the one that is inserting the hidden process, then I'll look for a security expert site.

    Thanks guys, see you.


  10. 1PW
    Posts : 41
    W7
       #10

    Hello Read Only:

    I would be appropriately surprised if any of your computer's hidden Internet activities could elude monitoring by https://www.wireshark.org.

    Good hunting.


 
