Windows 7 Forums



Windows 7: Hidden process since last Windows update

25 Nov 2014   #1
Read Only

Windows 7 Professional x64
 
 
Hidden process since last Windows update

This is a thread addressed to security experts willing to help.

Ever since I installed the latest Windows security updates, my firewall is detecting a hidden process acting as a medium when I try to go online with some applications. I call it a hidden process because my firewall is unable to tell the app name and its location, which is quite unusual.

If I refuse internet access to that hidden process, then certain applications fail to go online.

This is quite worrying because it happens with an encrypted sandbox and encrypted OpenOffice documents. So since the latest Windows update, both VirtualBox and OpenOffice can no longer go online without that hidden process acting as a medium.

Could somebody give me indications about how I could identify that process? My system is Win 7 x64 SP1 up to date and nothing was detected by a full scan from a leading antivirus software.


25 Nov 2014   #2
McSeven

W7 Prof 64 bit
 
 

Maybe Microsoft's Process Explorer can help you.

Process Explorer
25 Nov 2014   #3
Read Only

Windows 7 Professional x64
 
 

I wish it was that easy, but I wouldn't need to post about it then.

The process is completely hidden from regular tools; it is probably located in the RAM and encrypted. I will need something a lot more advanced to identify it.

25 Nov 2014   #4
Tookeri

Windows 7 Pro 32
 
 

Does the firewall log not even show a Process ID?
25 Nov 2014   #5
Read Only

Windows 7 Professional x64
 
 

Log of the process

U/D#: U-44941
Date: 25/11/14,19:13:07
Rule: APP: Blocked
Type: EXE
Address/Application: ?
Compliment: UNKNOWN
25 Nov 2014   #6
Tookeri

Windows 7 Pro 32
 
 

And if you compare that to a log entry for another not "hidden" file, can you see the PID?

Don't know what firewall you have but Windows Firewall that I use shows a blocked connection like this:
[Attached image: fwblock.png]


25 Nov 2014   #7
Read Only

Windows 7 Professional x64
 
 

I have a very basic firewall. No, it does not show the process ID unfortunately, but it does its firewall job with high reliability, and unlike other "advanced" firewalls such as Comodo, it has never failed to prevent an app from going online.
25 Nov 2014   #8
Tookeri

Windows 7 Pro 32
 
 

Then IMHO it's not a good firewall. Detailed logs are as important as the functionality in my world, especially for firewalls.

I suggest you scan with other products, for example Malwarebytes | Free Anti-Malware Detection & Removal Software and the more aggressive https://security.symantec.com/nbrt/npe.aspx
Warning: Norton Power Eraser is known for showing many false positives!
26 Nov 2014   #9
Read Only

Windows 7 Professional x64
 
 

I doubt an antivirus is going to help; I have already tried that. First I'm going to uninstall the Windows security updates one by one to identify the one that is inserting the hidden process, then I'll look for a security expert site.

Thanks guys, see you.
27 Nov 2014   #10
1PW

 
 

Hello Read Only:

I would be appropriately surprised if any of your computer's hidden Internet activities could elude monitoring by https://www.wireshark.org.

Good hunting.
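Added example, not part of any post in this thread: the question in post #4 (does the log show a Process ID?) can be answered without the firewall by joining the built-in `netstat -ano` output against WMI's `Win32_Process`. The script assumes PowerShell 2.0 or later and an elevated prompt, so that executable paths of service processes resolve; the property names `OwnerPid`, `Name` and `Path` are chosen here for illustration.

```powershell
# Map every TCP/UDP endpoint to its owning PID and executable path.

# PID -> Win32_Process lookup (carries Name and ExecutablePath).
$procs = @{}
Get-WmiObject Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# netstat -ano columns: Proto, Local, Foreign, [State], PID.
$rows = netstat -ano |
    Where-Object { $_ -match '^\s*(TCP|UDP)\s' } |
    ForEach-Object {
        $f = $_.Trim() -split '\s+'
        # UDP rows have no State column, so always take the PID from the last field.
        $ownerPid = [int]$f[-1]
        $state = ''
        if ($f[0] -eq 'TCP') { $state = $f[3] }

        $p = $procs[$ownerPid]
        $name = '<no such process>'
        $path = '<unresolved>'
        if ($p) {
            $name = $p.Name
            if ($p.ExecutablePath) { $path = $p.ExecutablePath }
        }

        New-Object PSObject -Property @{
            Proto = $f[0]; Local = $f[1]; Remote = $f[2]; State = $state
            OwnerPid = $ownerPid; Name = $name; Path = $path
        }
    }

# Full table, grouped by owner.
$rows | Sort-Object OwnerPid |
    Select-Object Proto, Local, Remote, State, OwnerPid, Name, Path |
    Format-Table -AutoSize

# Endpoints whose owner has no image path on disk. PID 0 (System Idle Process,
# shown on TIME_WAIT rows) and PID 4 (System) are kernel-owned and always land
# here; any other PID in this list is the one to look at more closely.
$rows | Where-Object { $_.Path -eq '<unresolved>' } |
    Select-Object Proto, Local, Remote, State, OwnerPid, Name |
    Format-Table -AutoSize
```

Running it while one of the affected applications is trying to connect, and comparing the remote addresses with a packet capture taken at the same moment, ties each observed connection to a PID.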