Attempted Registry Edit - Is something fishy going on?

Th3Fang

Honorable
Nov 25, 2012
14
0
10,560
0
This just popped up with 360 Total Security. A registry change was about to be made but was blocked by the program, and then these processes wanted to start up. Is anything fishy going on?
The log provided by 360 Total Security is provided below.

2016-03-13 10:30:42 Process Creation [Auto-blocked]
Details:
Process: C:\windows\Sysnative\services.exe
Action: Process creation
Path: C:\windows\Sysnative\taskhost.exe
2016-03-13 10:25:47 Process Creation [Auto-blocked]
Details:
Process: C:\windows\Sysnative\services.exe
Action: Process creation
Path: C:\windows\Sysnative\raserver.exe
2016-03-13 10:22:52 Modify driver or service [Blocked]
Detailed description:
Registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SERVICES\MSMPSVC\[FailureCommand]
Content: C:\windows\system32\mrt.exe /EHB /ServiceFailure "CAMP=4.9.218.0;approximate-> Engine=1.1.12505.0;AVSIG=1.215.1414.0;ASSIG=1.215.1414.0" /StartService /q
Process: C:\windows\Sysnative\services.exe
Parent Process:C:\windows\system32\wininit.exe , (103)

 

Ralston18

Dignified
Moderator
Based on the circumstances you describe I would probably not be concerned about the response from 360 Total Security.

As rule I avoid doing anything on my systems during AV scans, updates, backups, etc.. Even not going online.

Run a AV scan while nothing else is running.

Understand that you may not have that luxury per se but try to minimize system activity if at all possible. Yes, the computer should be able to tolerate multi-tasking etc. and it can. However for more critical activities I prefer just not to tempt "Mr. Murphy" any more than necessary.

If all is okay then just consider it a fluke that may or may not repeat itself. Keep an eye on things and pay attention to any further log entries or error messages on your system.

 

Ralston18

Dignified
Moderator
Understand that it "just popped up".

However, any sense of what may have been going on at that time? Any installs, upgrades,....etc..

The log is referencing Sysnative - are you using that?

Systnative tried to create at least 3 processes.....

mrt.exe is the Microsoft Removal Tool...

MSMPSVC is Microsoft Antimalware Service

To me it appears tha Sysnative attempted to modify the registry regarding msmpsvc.

360 Total Security stopped that from happening.

Maybe you can expand on that as you know your overall system.
 

TheFangTM

Estimable
Nov 27, 2015
2
0
4,510
0


At that time I was running a 360 Total Security scan and was installing a few Windows Updates. I was also editing a google doc file.

P.S. Disregard the account name, accidentally made another account for my phone.
 

Ralston18

Dignified
Moderator
Based on the circumstances you describe I would probably not be concerned about the response from 360 Total Security.

As rule I avoid doing anything on my systems during AV scans, updates, backups, etc.. Even not going online.

Run a AV scan while nothing else is running.

Understand that you may not have that luxury per se but try to minimize system activity if at all possible. Yes, the computer should be able to tolerate multi-tasking etc. and it can. However for more critical activities I prefer just not to tempt "Mr. Murphy" any more than necessary.

If all is okay then just consider it a fluke that may or may not repeat itself. Keep an eye on things and pay attention to any further log entries or error messages on your system.

 
Thread starter Similar threads Forum Replies Date
A Antivirus / Security / Privacy 5
C Antivirus / Security / Privacy 5
P Antivirus / Security / Privacy 2
F Antivirus / Security / Privacy 3
M Antivirus / Security / Privacy 5
I Antivirus / Security / Privacy 6
J Antivirus / Security / Privacy 4
friendlyone20 Antivirus / Security / Privacy 4
O Antivirus / Security / Privacy 13
ClubSpade12 Antivirus / Security / Privacy 7
gussrtk Antivirus / Security / Privacy 13
T Antivirus / Security / Privacy 1
M Antivirus / Security / Privacy 1
C Antivirus / Security / Privacy 4
S Antivirus / Security / Privacy 1
C Antivirus / Security / Privacy 5
Chugalug_ Antivirus / Security / Privacy 4
G Antivirus / Security / Privacy 3
R Antivirus / Security / Privacy 6
djreedj Antivirus / Security / Privacy 2

ASK THE COMMUNITY