winlogon.exe

  • Thread starter Thread starter John Shaffer
  • Start date Start date
J

John Shaffer

I use a piece of security software that flags
winlogon.exe during the login process of an XP client in
a Windows 2000 network. Winlogon.exe attempts to modify
several dll's and some other files during this process.

Is this something that is supposed to occur in Windows XP
and, if so, do you know what files it is supposed to be
modifying?

I would appreciate any help.
 
John Shaffer said:
I use a piece of security software that flags
winlogon.exe during the login process of an XP client in
a Windows 2000 network. Winlogon.exe attempts to modify
several dll's and some other files during this process.

Is this something that is supposed to occur in Windows XP
and, if so, do you know what files it is supposed to be
modifying?

I would appreciate any help.
Click to expand...

winlogon.exe is either a normal system process or a parasite it depends on
its location.
http://www.neuber.com/taskmanager/process/winlogon.exe.html

http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/
 
Norton Internet Security 2005 reports Unautorized access by Winlogon.exe --
in the C:\Program Files\Common Files\Symantec Shared\ folder -- Why. see
example below from Symantec Resource Protector log:

Time: 3/15/2005 9:22:10 PM
Actor: C:\WINDOWS\system32\winlogon.exe (PID=688)
Target: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
Action: Unauthorized access
Reaction: Unauthorized access stopped

Anyone know why Winlogon would be accessing this folder?
 
The process "winlogon.exe" runs in the background. It's a part
of the Windows Login subsystem. Winlogon is necessary for
user authorization and checks the Windows XP activation code.
Ref: http://www.neuber.com/taskmanager/process/winlogon.exe.html

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

:

| Norton Internet Security 2005 reports Unautorized access by Winlogon.exe --
| in the C:\Program Files\Common Files\Symantec Shared\ folder -- Why. see
| example below from Symantec Resource Protector log:
|
| Time: 3/15/2005 9:22:10 PM
| Actor: C:\WINDOWS\system32\winlogon.exe (PID=688)
| Target: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
| Action: Unauthorized access
| Reaction: Unauthorized access stopped
|
| Anyone know why Winlogon would be accessing this folder?
 
Back
Top