ParrotsWayne-6503 asked

Ransomware: Windows Host Process, MsMpEng.exe

Dear All,

Recently, my TrendMicro said that there was ransomware on Windows Host Process. The program location is "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe", and the target location is "c:\windows\system32\svchost.exe".

I have run the virus scan; however, I still do not know which file is malware.

Do you have the same problem? I don't know how I could clean it or stop it.


CarlFan-MSFT answered

Hi,

The Antimalware Service Executable process (also known as MsMpEng.exe) plays an integral role in the Windows Defender service. The process is responsible for allowing Windows Defender to monitor potential threats. I wonder if there is a conflict between Windows Defender and your security software. Update Windows Defender to the latest version or disable the Windows Defender real-time feature.

Hope this helps and please help to accept as Answer if the response is useful.

Best Regards,
Carl


ParrotsWayne-6503 answered

Thanks Carl.

The server is running Windows Server 2016. There are about 20 servers using Windows Server 2016; however, only 1 server gets this issue, therefore I wonder whether it is true ransomware or not. However, I lack information about it...
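
One way to check whether the binary named in the alert is the genuine Defender executable, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the affected server; the function name `Test-DefenderBinary` is hypothetical, and the path is the one quoted in the question.

```powershell
# Added triage example (not from the thread). Path copied from the question.
$reported = 'C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe'

function Test-DefenderBinary {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    # Authenticode status plus signer subject: a genuine MsMpEng.exe
    # validates and is signed by Microsoft.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256
    [pscustomobject]@{
        Path              = $Path
        Exists            = $true
        SignatureStatus   = $sig.Status
        Signer            = $sig.SignerCertificate.Subject
        SignedByMicrosoft = ($sig.Status -eq 'Valid' -and
                             $sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
        SHA256            = $hash.Hash
    }
}

# 1. Signature and hash of the file the alert points at.
Test-DefenderBinary -Path $reported | Format-List

# 2. Binary the WinDefend service is registered to run. It should be the
#    same file; a different path deserves a closer look.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'"
if ($svc -and $svc.PathName -match '^"?([^"]+?\.exe)') {
    $servicePath = $Matches[1]
    [pscustomobject]@{
        ServiceBinary     = $servicePath
        MatchesAlertPath  = ($servicePath -ieq $reported)
        ServiceState      = $svc.State
    } | Format-List
} else {
    Write-Warning 'WinDefend service not found or its path could not be parsed.'
}

# 3. Defender platform version and real-time protection state.
Get-MpComputerStatus |
    Select-Object AMProductVersion, AMServiceEnabled,
                  RealTimeProtectionEnabled, AntivirusSignatureLastUpdated |
    Format-List
```

The SHA256 value can be compared with the same file on another server that runs the same Defender platform version; identical hashes with a valid Microsoft signature indicate the flagged file is the stock binary.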
