Windows PC has been turned off a few days so today is the first time since Patch Tuesday it has been turned on. While using it to do other things, here comes this File Reputation Warning showing some bizarre named files coming from an odd URL that has windowsupdate.com embedded by svchost.exe. Cannot figure out where you can COPY the URL and File to the clipboard.
Avast scan is negative, MalwareBytes is negative, uploaded svchost.exe to virustotal for negative. Checked DNS settings on PC and router and they point to ISP’s DNS IPs. I let Avast abort the connection but it has me worried…
It is just a warning.
And the warning is correct.
It is indeed a new/rare file since it is a update that just has been released.
Microsoft should have signed the file.
Seems svchost.exe is a general Windows systems file so it seems odd that Avast is suggesting to remove this file from a system. https://en.wikipedia.org/wiki/Svchost.exe
So I take it the Avast warning is incorrect and should be ignored?
The filerep warning is a automated system.
I don’t know the exact numbers, but lets say the first 100.000 avast users get to see the warning.
If you are avast user number 100.001 that downloads the update(s), you will not get the warning since the system now doesn’t see it as a rare (and therefore potentially suspicious) file anymore.
In theory it can be that only the first user gets the warning, but avast has to add the file(s) to the whitelist so it will not trigger the warning anymore.
Note :
This is just a simple explanation on how the filerep warning works.
No use of making it difficult so only a few people understand what I say, right
