Kaspersky randomly added SecurityHealthHost.exe to Trusted Apps [Solved][Closed]

[ChristianRoule]

This is really weird. First, when browsing the internet, Kaspersky detects a potentially malicious script on a website (the yellow triangle icon), then a few minutes later, without me doing anything, Kaspersky randomly added "SecurityHealthHost.exe" to the Trusted Apps Group, saying by virtue of it being signed by Microsoft. I've not heard of "SecurityHealthHost.exe" before. I've heard of "SecurityHealthService.exe" but not this... and none of my other computers have that file on it... just this one. However, Kaspersky Total Security, Malwarebytes, and TDSSKilller are coming up blank. I'm in Safe Mode and about to run RogueKiller, but if anyone has any ideas... I'd appreciate it. If this isn't a virus/malware and I'm just spinning my wheels, I'd like to know.

[richbuff]

Welcome. File.net shows SecurityHealthHost.exe as ok/fine. Mine is located in System32.

[ChristianRoule]

Welcome. File.net shows SecurityHealthHost.exe as ok/fine. Mine is located in System32.

Hi there and thank you for the warm welcome. Not to question you, but can you link to that? All I see is SecurityHealthService.exe on that site. It would certainly clean my mind.

[richbuff]

Ooops, my bad. Here is what I found: https://www.hybrid-analysis.com/sample/27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e?environmentId=120

[ChristianRoule]

Ooops, my bad. Here is what I found: https://www.hybrid-analysis.com/sample/27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e?environmentId=120

Thanks. Everything is coming up negative, but just to be safe I'm going to change my settings and block that application. But you saw it in your directory, right? I'm thinking it might be a false positive. What do you think?

[Flood and Flood's wife]

Hello ChristianRoule, As well as the advice from Richbuff, a little more info: https://www.file.net/process/securityhealthservice.exe.html . C:\Windows\System32 is the only place SecurityHealthHost.exe should be. Best regards!

[ChristianRoule]

Hello ChristianRoule, As well as the advice from Richbuff, a little more info: https://www.file.net/process/securityhealthservice.exe.html . C:\Windows\System32 is the only place SecurityHealthHost.exe should be. Best regards!

Thanks again! I think what keeps confusing me, and the reason I'm not 100% sure it's not a virus, is that people keep mentioning "SecurityHealthService.exe" when it's SecurityHealthHost.exe I'm concerned about. I'm confused as to why there is so little information on SecurityHealthHost.exe out there, and the few Google Searches show it as being kinda-maybe malicious. No one seems sure, and that is what is confusing me. Why do some people have it in their System32 and some don't? I guess I just want someone who understands that module to confirm that SecurityHealthHost.exe is a legitimate process. If anyone could do that, could provide an explanation, I'd feel so much better.

[ChristianRoule]

I think this is getting laid to rest. Someone on Bleeping Computer is helping me verify that nothing is wrong. I'm beginning to think that the entire thing is a massive timing coincidence, that somehow SecurityHealthHost.exe activated and was placed in the Trusted Group by Kaspersky in response to the malicious website it blocked. And then when I saw suspicious information when I Googled it, things got hairy. But thank you so much for your time and attentiveness to this!

[Flood and Flood's wife]

"people keep mentioning "SecurityHealthService.exe" when it's SecurityHealthHost.exe"SecurityHealthHost.exe activated and was placed in the Trusted Group by Kaspersky in response to the malicious website it blocked. And then when I saw suspicious information when I Googled it, things got hairy. & https://www.bleepingcomputer.com/forums/t/700621/kaspersky-randomly-added-securityhealthhostexe-to-trusted-apps/ But thank you so much for your time and attentiveness to this!

Hello ChristianRoule, Re the name mixup, my bad:disappointed_relieved:, please forgive? I agree with your conclusions, however, a question, did you submit SecurityHealthHost.exe to Kaspersky's Virus/Malware experts, https://virusdesk.kaspersky.com, to check? It would not hurt to have SecurityHealthHost.exe analysed, especially as there was an alert, even if it was a "timing" coincidence. & SecurityHealthHost.exe "creation date" 2038-06-25 11:09:50 is "unusual" Best regards!

[ChristianRoule]

Hello ChristianRoule, Re the name mixup, my bad:disappointed_relieved:, please forgive? I agree with your conclusions, however, a question, did you submit SecurityHealthHost.exe to Kaspersky's Virus/Malware experts, https://virusdesk.kaspersky.com, to check? It would not hurt to have SecurityHealthHost.exe analysed, especially as there was an alert, even if it was a "timing" coincidence. & SecurityHealthHost.exe "creation date" 2038-06-25 11:09:50 is "unusual" Best regards!

It's all good. No worries! Yes, I submitted to https://virusdesk.kaspersky.com and it came out negative. I even sent it to Kaspersky to analyze. It should all be good. I want to thank everyone for helping me with this. This is an amazing set of communities. We can close this out now. All's good!