To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

executables running in C:\windows\temp

OGIam
OGIam Posts: 5 Security Scout
in Business Suite

I just upgraded my SBS 2008 server to Email and Server Security 10.01. In looking through the settings, I noticed in Monitored Programs that there are several executables with what look like random names running from the C:\windows\temp folder. They reside in subfolders such as ihtemp and inve90_tmp. What concerns me is that the subfolders are not visible in Windows Explorer even when allowing it to view hidden and system folders. I'm assuming these are legit since F-Secure has scanned them, but I am understandably leery. Anyone seen something like this?

Comments

  • OGIam
    OGIam Posts: 5 Security Scout

    Okay, maybe I'm misunderstanding the monitored program display. Since it seems to update frequently, I assumed it was displaying active programs. Is it really just displaying programs that it has seen run at one time or another?

  • Fendy
    Fendy Posts: 4 Digital Defender

    Hi OGIam,

     

    How about if you uncheck "Hide protected operating system files" in the folder options? Alternatively, you can try to use DOS command:
    http://www.itechtics.com/unhide-files-and-folders-by-single-dos-command/

     

    Anyway, as long as F-Secure does not detect them as malicious, they can be considered safe.

     

    ---
    Best regards,
    Fendy

     

    Has somebody helped you? Say thanks by giving kudos. Has your issue been solved? Mark the post using "Accept As Solution" button to let others know.

This discussion has been closed.

Categories