Jump to content
Kaspersky Support Forum

Kaspersky randomly added SecurityHealthHost.exe to Trusted Apps [Solved][Closed]

ChristianRoule
 Share
Go to solution Solved by Flood and Flood's wife,

Recommended Posts

ChristianRoule

ChristianRoule

Posted
  • Author
Posted
This is really weird. First, when browsing the internet, Kaspersky detects a potentially malicious script on a website (the yellow triangle icon), then a few minutes later, without me doing anything, Kaspersky randomly added "SecurityHealthHost.exe" to the Trusted Apps Group, saying by virtue of it being signed by Microsoft. I've not heard of "SecurityHealthHost.exe" before. I've heard of "SecurityHealthService.exe" but not this... and none of my other computers have that file on it... just this one. However, Kaspersky Total Security, Malwarebytes, and TDSSKilller are coming up blank. I'm in Safe Mode and about to run RogueKiller, but if anyone has any ideas... I'd appreciate it. If this isn't a virus/malware and I'm just spinning my wheels, I'd like to know.
Link to comment
Share on other sites
ChristianRoule

ChristianRoule

Posted
  • Author
Posted

Welcome. File.net shows SecurityHealthHost.exe as ok/fine. Mine is located in System32.
Hi there and thank you for the warm welcome. Not to question you, but can you link to that? All I see is SecurityHealthService.exe on that site. It would certainly clean my mind.
Link to comment
Share on other sites
ChristianRoule

ChristianRoule

Posted
  • Author
Posted
Ooops, my bad. Here is what I found: https://www.hybrid-analysis.com/sample/27fe99211e89c7ec5fddee43accb5278684d7ac5fab3a2557069a55af1153b5e?environmentId=120
Thanks. Everything is coming up negative, but just to be safe I'm going to change my settings and block that application. But you saw it in your directory, right? I'm thinking it might be a false positive. What do you think?
Link to comment
Share on other sites
ChristianRoule

ChristianRoule

Posted
  • Author
Posted
Hello ChristianRoule, As well as the advice from Richbuff, a little more info: https://www.file.net/process/securityhealthservice.exe.html . C:\Windows\System32 is the only place SecurityHealthHost.exe should be. Best regards!
Thanks again! I think what keeps confusing me, and the reason I'm not 100% sure it's not a virus, is that people keep mentioning "SecurityHealthService.exe" when it's SecurityHealthHost.exe I'm concerned about. I'm confused as to why there is so little information on SecurityHealthHost.exe out there, and the few Google Searches show it as being kinda-maybe malicious. No one seems sure, and that is what is confusing me. Why do some people have it in their System32 and some don't? I guess I just want someone who understands that module to confirm that SecurityHealthHost.exe is a legitimate process. If anyone could do that, could provide an explanation, I'd feel so much better.
Link to comment
Share on other sites
ChristianRoule

ChristianRoule

Posted
  • Author
Posted
I think this is getting laid to rest. Someone on Bleeping Computer is helping me verify that nothing is wrong. I'm beginning to think that the entire thing is a massive timing coincidence, that somehow SecurityHealthHost.exe activated and was placed in the Trusted Group by Kaspersky in response to the malicious website it blocked. And then when I saw suspicious information when I Googled it, things got hairy. But thank you so much for your time and attentiveness to this!
Link to comment
Share on other sites
Flood and Flood's wife

Flood and Flood's wife

Posted
Posted
"people keep mentioning "SecurityHealthService.exe" when it's SecurityHealthHost.exe"SecurityHealthHost.exe activated and was placed in the Trusted Group by Kaspersky in response to the malicious website it blocked. And then when I saw suspicious information when I Googled it, things got hairy. & https://www.bleepingcomputer.com/forums/t/700621/kaspersky-randomly-added-securityhealthhostexe-to-trusted-apps/ But thank you so much for your time and attentiveness to this!
Hello ChristianRoule, Re the name mixup, my bad:disappointed_relieved:, please forgive? I agree with your conclusions, however, a question, did you submit SecurityHealthHost.exe to Kaspersky's Virus/Malware experts, https://virusdesk.kaspersky.com, to check? It would not hurt to have SecurityHealthHost.exe analysed, especially as there was an alert, even if it was a "timing" coincidence. & SecurityHealthHost.exe "creation date" 2038-06-25 11:09:50 is "unusual" Best regards!
Link to comment
Share on other sites
ChristianRoule

ChristianRoule

Posted
  • Author
Posted
Hello ChristianRoule, Re the name mixup, my bad:disappointed_relieved:, please forgive? I agree with your conclusions, however, a question, did you submit SecurityHealthHost.exe to Kaspersky's Virus/Malware experts, https://virusdesk.kaspersky.com, to check? It would not hurt to have SecurityHealthHost.exe analysed, especially as there was an alert, even if it was a "timing" coincidence. & SecurityHealthHost.exe "creation date" 2038-06-25 11:09:50 is "unusual" Best regards!
It's all good. No worries! Yes, I submitted to https://virusdesk.kaspersky.com and it came out negative. I even sent it to Kaspersky to analyze. It should all be good. I want to thank everyone for helping me with this. This is an amazing set of communities. We can close this out now. All's good!
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing


×
×
  • Create New...