Process Explorer: no alert but warning in Event log

Guest

When I open Sysinternals Process Explorer, I do not get a desktop alert
popup, but I do get a warning log in System events:

Source: Windows Defender
Category: None
Event ID: 3004

Description (relevant extracts)

Windows defender Real-Time Protection agent has detected potential malware
Scan ID {6A42FDBA-1739-4BAF-AE8D-D18BCD63DB5D}
User: xxxxx (me)
Threat name: Unknown
Thread Id:
Threat Severity:
Threat Category:
Path Found: service PROCEXP100
Threat Classification: Unknown
Detection Type:

In Software Explorer, running programs it shows Process Explorer as Not yet
classified.

I am not concerned about the warning event (which is expected for a not yet
classified app), but am very concerned that I got no popup, hence no real
time warning (I am not in the habit of looking at event logs as they appear,
only look there now and then). I know PE is legit, but the lack of a warning
popup could be very serious in other cases.

Also no chance to send to Spynet for a vote to get Process Explorer
recognised as legit.

Running another not yet classified app (Everest Ultimate) I did get a pop
up. Why not for PE??
 
Guest

Have you turned on the option to notify "When changes are detected from
software that has not yet been classified"?

By default, we don't show unknown software prompts, because we don't expect
the average user to know what a service is. However, you early adopters
aren't average. :)

Thanks for trying Windows Defender,
Joe
 
Bill Sanderson

Thanks - that explains the user profile hive cleanup issue as well, I think.
I turned that on at home, but I'm gonna sit down and turn it on on servers
as well.
 
Guest

Yes, the option to notify for not yet classified is on. As I said, one not
yet classified app (Everest Ultimate) alerts, PE doesn't.
 
Guest

Become an Advanced member of Microsoft SpyNet to be alerted. If you're a basic
member of SpyNet you won't be alerted. Post back if it works.
 
plun

Hi balem

WD is "stone dead" for me.............

Downloaded latest SmartFTP and installed.

- Advanced member checked, also restarted.

- Notify checked for both changed allowed and unknown.

"Not yet classified"......... No way to change it myself,
I do know that this IS SmartFtp ;)

This function is really important for proper RTP functionality without
definition recognition.

Do you understand the purpose with all checkboxes for RTP settings
(agents) ? Seen any alerts ?

regards
plun
 
