Windows 10 Archives – Gridinsoft Blog
Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe.

Werfault.exe Error
https://gridinsoft.com/blogs/werfault-exe-error-troubleshooting/
Tue, 10 Sep 2024 16:28:15 +0000

Werfault.exe is a system process used to collect information about program errors, which helps diagnose and resolve issues to improve the user experience. In certain cases, it can repeatedly crash, displaying an error message, and also be used by malware.

What is Werfault.exe?

Werfault.exe is a Windows Error Reporting (WER) process. It is responsible for handling error reporting in Windows operating systems. WerFault.exe was first released on 11/08/2006 for Windows Vista and is still present in Windows 10 and 11. Such errors arise when loading WerFault fails, either during the start of the application or, in some cases, while the application is running.

Thus, when a program encounters an error, Werfault collects information about it. It includes the program causing the error, the nature of the error, and system information. Next, Werfault offers options for sending this information to Microsoft for analysis. This will help Microsoft improve the stability and reliability of Windows (probably). Werfault.exe typically runs in the background and should not usually require user interaction unless prompted by an error.

Fix Werfault.exe Application Error

A Werfault.exe error usually means an issue with the Windows Error Reporting process or an application causing it to crash. However, it’s nothing to worry about if it only happens one or two times!

But if the WerFault.exe error occurs repeatedly and causes trouble, or if the process uses a relatively large share of CPU power in Task Manager, you should take action to resolve it. Here are some steps that you can take to try and fix this issue:

Step 1. Update Windows

Windows constantly improves to enhance its stability and reduce program crashes. To achieve this goal, Microsoft provides regular security updates and bug fixes. You may encounter security issues and bugs if you don’t install these updates. A couple of particular Windows updates broke WerFault, which Microsoft addressed in further patches. To check for updates, press the Windows key + I and click “Windows Update”. If there are any updates available, download and install them.

Step 2. Run the Windows SFC Scan

The SFC tool repairs corrupt system files that can cause Werfault.exe errors. Press Windows key + R, type “cmd”, and hit Ctrl+Shift+Enter to open Command Prompt as administrator. Next, type or paste in the Command Prompt “sfc /scannow” and press enter.

After completing the scan, Windows will attempt to repair any corrupt files. Finally, restart your device and check if the error is corrected. If the scan finds corrupt files, but Windows is unable to repair them, try repairing corrupt system files using repair tools.

Important note! Avoid downloading and copying WerFault.exe to your Windows system directory from third-party sites. Microsoft typically does not release standalone Windows EXE files for download because they are already bundled together inside a software installer. Copying such a file into the system directory may cause system instability and stop your program or OS from functioning.

Step 3. Use Repair Mode

Restart your PC while holding the Shift key; this will boot the device into Automatic Repair. Select Advanced options to enter WinRE and choose your language. Next, select Troubleshoot and then Advanced options.

Select Command Prompt, log in with your account and run the commands below.

chkdsk X: /f
bootrec /fixmbr
bootrec /fixboot
bootrec /scanos
bootrec /rebuildbcd

📖 Note: If you installed a system update shortly before the system started behaving abnormally, you can use “Uninstall Updates” to uninstall recent updates (which include Quality updates and Feature updates; try both).

Step 4. Try to Find Malware

While Werfault.exe is a legit executable file, its activity may be attributed to malicious software. Hackers use the DLL sideloading technique, exploiting the WerFault.exe tool to deploy malware onto compromised systems. This method allows them to infect devices discreetly without triggering antivirus alarms. During this exploitation, you may see the said errors coming from WerFault.exe, as well as the process itself in the Task Manager.
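A quick way to tell a genuine WerFault.exe from one being abused for sideloading is to check where each running instance was started from, whether it carries a valid Microsoft signature, and which DLLs sit beside it. The PowerShell check below is an added example, not part of the original article; the function name and output fields are assumptions of this example.

```powershell
# Added example, not from the original article. Run from an elevated PowerShell
# prompt so that every process path is readable.

# The genuine binary ships only in these two directories.
$expectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

function Test-WerFaultProcess {
    param(
        [Parameter(Mandatory)]
        $Process   # Win32_Process CIM instance
    )

    $findings = New-Object System.Collections.Generic.List[string]
    $path = $Process.ExecutablePath

    if (-not $path) {
        $findings.Add('executable path not readable; re-run elevated')
    }
    else {
        $dir = Split-Path -Path $path -Parent
        $inSystemDir = $expectedDirs -contains $dir   # string comparison is case-insensitive

        if (-not $inSystemDir) {
            $findings.Add("runs from unexpected directory: $dir")

            # Sideloading needs a DLL placed beside the copied executable,
            # so list every DLL in that directory with its signature status.
            Get-ChildItem -LiteralPath $dir -Filter '*.dll' -File -Force -ErrorAction SilentlyContinue |
                ForEach-Object {
                    $dllSig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                    $findings.Add("adjacent DLL $($_.Name): signature $($dllSig.Status)")
                }
        }

        # The real WerFault.exe is signed by Microsoft.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') {
            $findings.Add("executable signature: $($sig.Status)")
        }
        elseif ($sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
            $findings.Add("executable signed by: $($sig.SignerCertificate.Subject)")
        }
    }

    [pscustomobject]@{
        ProcessId   = $Process.ProcessId
        ParentId    = $Process.ParentProcessId
        Path        = $path
        CommandLine = $Process.CommandLine
        Suspicious  = $findings.Count -gt 0
        Findings    = $findings -join '; '
    }
}

$results = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'WerFault.exe'" |
    ForEach-Object { Test-WerFaultProcess -Process $_ }

if ($results) { $results | Format-List } else { 'No WerFault.exe process is running right now.' }
```

WerFault.exe normally exits within seconds, so run the check while the error dialog or the process is visible in Task Manager.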

Malware can sometimes exploit genuine processes in its activity. This can cause program crashes and, in some cases, trigger the werfault.exe error. I recommend GridinSoft Anti-Malware; it is best suited to detect and remove even sophisticated malware.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

How to Disable Windows Defender? Windows 10 & 11 Guide
https://gridinsoft.com/blogs/how-to-disable-windows-defender/
Thu, 08 Aug 2024 13:52:28 +0000

Windows users all around the world often think about disabling Microsoft Defender. Despite undoubtedly being a solid antivirus tool, it may cause issues here and there, prompting such a wish. In this guide, I’ll explain how to fully disable Microsoft Defender.

How to Disable Microsoft Defender in Windows 10/Windows 11

There are two ways to disable Microsoft Defender: one is temporary, and the other is permanent. We’ll skip the temporary method since you’re probably here for the latter. Since the Microsoft Defender versions in Windows 10 and 11 are almost identical, this guide is applicable to both. A crucial note – these actions are only possible if you’re using an administrator account.

One more warning: I don’t recommend disabling Microsoft Defender, as this will leave your system unprotected and could have negative consequences. If you have reliable anti-malware software, like GridinSoft Anti-Malware, already running in the system, then it is fine. Otherwise, you expose your system to a significant malware risk.

Let’s begin. The first thing you need to do is disable Tamper Protection – a self-protection feature of Defender that prevents it from being disabled or tampered with externally. To do this, open Windows Security, click on Virus & Threat Protection → Manage settings.

Scroll down to Tamper Protection and turn it off. This will allow you to proceed with the next steps.

Next, open the Group Policy Editor. To do this, press the “Win + R” keys on your keyboard, and in the Run dialog that appears, type or paste “gpedit.msc” and press Enter.

In the window that opens, navigate to the following path:

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.

Find the policy named “Turn Off Microsoft Defender Antivirus,” double-click it, select “Enabled,” and then click Apply and OK to apply the changes.

Disabling Microsoft Defender with Regedit

For some users, such as those with the Windows 11 Home edition, the previously mentioned method won’t work because these versions don’t have access to the Group Policy Editor. In this case, you can use the Registry Editor. To do this, press the “Win + R” keys again and type “regedit”.

In the Registry Editor window, navigate to the following path:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

In this folder, right-click on an empty space, create a new DWORD (32-bit) value, and name it “DisableAntiSpyware”.

Double-click on it to open it, set the Value data to “1”, and make sure the Base is set to “Hexadecimal”. Then click “OK.” Restart your PC to apply the changes, and this should disable Microsoft Defender.

Disabling Microsoft Defender with Command Prompt

If you encounter any difficulties with the last method, you can also disable it using the Command Prompt. To do this, open the Start menu or search bar and begin typing “cmd”. When the Command Prompt appears, click “Run as Administrator.”

Copy the command below, paste it into the Command Prompt window, and press “Enter”:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f

That command essentially performs the actions from the previous method. After making the change, reboot the computer for it to take effect.
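Seen from the defender's side, the registry value and the Tamper Protection switch described above are the first things to check when Defender turns out to be disabled and nobody remembers doing it. The PowerShell audit below is an added example, not part of the original article; the function name and the 30-day lookback are assumptions of this example.

```powershell
# Added example, not from the original article. Read-only; run from an elevated prompt.

# Policy key named in the article.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'

function Get-DefenderTamperReport {
    param([int]$LookbackDays = 30)   # assumed search window for the event log

    # 1. The DisableAntiSpyware policy value described in the article.
    $policy = Get-ItemProperty -Path $policyKey -Name 'DisableAntiSpyware' -ErrorAction SilentlyContinue
    $disableValue = if ($policy) { $policy.DisableAntiSpyware } else { $null }

    # 2. Live state reported by the Defender module (fails if the service is not running).
    $status = $null
    try { $status = Get-MpComputerStatus -ErrorAction Stop }
    catch { Write-Warning "Get-MpComputerStatus failed: $($_.Exception.Message)" }

    # 3. Defender operational log: 5001 = real-time protection disabled,
    #    5007 = configuration changed (the message lists old and new values).
    $events = @(Get-WinEvent -FilterHashtable @{
            LogName   = 'Microsoft-Windows-Windows Defender/Operational'
            Id        = 5001, 5007
            StartTime = (Get-Date).AddDays(-$LookbackDays)
        } -ErrorAction SilentlyContinue |
        Where-Object { $_.Id -eq 5001 -or "$($_.Message)" -match 'DisableAntiSpyware' })

    [pscustomobject]@{
        DisableAntiSpyware        = $disableValue
        PolicyDisabled            = ($disableValue -eq 1)
        TamperProtection          = if ($status) { $status.IsTamperProtected } else { $null }
        AntivirusEnabled          = if ($status) { $status.AntivirusEnabled } else { $null }
        RealTimeProtectionEnabled = if ($status) { $status.RealTimeProtectionEnabled } else { $null }
        Events                    = $events | Select-Object TimeCreated, Id,
            @{ Name = 'Summary'; Expression = { ("$($_.Message)" -split "`r?`n")[0] } }
    }
}

$report = Get-DefenderTamperReport
$report | Select-Object -Property * -ExcludeProperty Events | Format-List
$report.Events | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap

if ($report.PolicyDisabled -or
    $report.AntivirusEnabled -eq $false -or
    $report.TamperProtection -eq $false) {
    Write-Warning 'Defender is disabled or unprotected on this machine; confirm the change was intentional.'
}
```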

Should You Disable Defender?

As I mentioned earlier, I don’t recommend disabling Microsoft Defender without a serious reason. The Windows system requires security solutions, and Microsoft addressed this by adding a built-in solution that meets the needs of most home users. This solution has undergone significant evolution and now offers a sufficient level of protection, including features like Zero Trust, sandboxing, and quite high effectiveness.

However, despite all the advantages, there’s another side to the story. All these features consume a significant amount of resources. While this may go unnoticed on modern, powerful machines, users with less powerful devices might experience some difficulties when using the system. This is particularly true for machines that use an HDD instead of an SSD. During background scanning, Microsoft Defender can noticeably strain the hard drive.

In any case, if you plan to disable Microsoft Defender completely, I don’t recommend leaving your system unprotected. Furthermore, I would suggest considering alternative solutions, such as GridinSoft Anti-Malware. It offers advanced functionality, including key components like proactive protection and an Internet Security module.

Windows COM Vulnerability Exploited by Chinese Hackers
https://gridinsoft.com/blogs/windows-com-vulnerability-exploited/
Wed, 07 Aug 2024 15:02:10 +0000

A vulnerability in Windows COM, first discovered in 2018, has become the target of attacks once again. A Chinese hacker group, likely affiliated with the Ministry of State Security of the People’s Republic of China, has exploited this vulnerability in an attack on a research center in Taiwan. Microsoft offers a non-obvious solution to this problem.

Chinese Cybercriminals Are Exploiting A Vulnerability In Windows 10

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included the CVE-2018-0824 vulnerability in its catalog of exploited vulnerabilities. This was prompted by a Cisco Talos report indicating that the Chinese group APT41 may have actively used this flaw in their attacks. In short, the vulnerability allows for local privilege escalation and remote code execution, putting hundreds of millions of Windows 10 users at risk. The attackers create custom loaders that inject code for CVE-2018-0824 exploitation directly into memory, which allows them to take control of the system.

CVE-2018-0824, known as the “Microsoft COM for Windows Remote Code Execution Vulnerability,” has a CVSS score of 7.5 and exists in “Microsoft COM for Windows” when it fails to properly handle serialized objects. This vulnerability affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, and Windows 10 Server. An attacker exploiting this vulnerability could use a specially crafted file or script to perform actions. In an email attack, the attacker could send the file to the user and convince them to open it. In a web-based attack, the attacker could host a website containing the file and persuade the user to open it by clicking a link.

CVE-2018-0824 and Threat Actors

The primary threat actor known to exploit this vulnerability is APT41, a cyber group that, according to the U.S. government, consists of Chinese nationals. In August 2023, experts detected abnormal PowerShell commands connecting to an IP address to download and execute PowerShell scripts within a Taiwanese government-affiliated research institute’s environment. This attack, conducted by APT41, involved the use of a unique Cobalt Strike loader written in GoLang to evade detection. The attackers behind the operation were proficient in simplified Chinese, indicating their likely origin.

Although it might seem that APT41 poses a minimal risk to the average user, that’s not entirely accurate. Another threat actor, targeting all Windows users, is highlighted in other reports. SnakeKeylogger, aka KrakenKeylogger, is new malicious software aimed at Windows users, and not necessarily ones within a corporate network. This malware logs keystrokes, steals credentials, and takes screenshots to gather sensitive information, which is then sent to fraudsters. This malware typically spreads through phishing campaigns, where malicious code is hidden in email attachments.

Available Solutions

Although a patch for CVE-2018-0824 has been available for a long time, attackers continue to exploit it. On the other hand, SnakeKeylogger remains a significant threat to users. So, here are several solutions to address these issues:

Upgrade to Windows 11. One radical solution for Windows 10 users is to upgrade to Windows 11. However, there is a significant problem: many users are reluctant to switch to Windows 11. The primary reason is that Windows 11 has higher system requirements, and not all users can upgrade their hardware to support the new system. Many users remain on Windows 10 despite security warnings due to resource limitations and the unwillingness to spend money on new equipment.

Use Advanced System Protection. There is also a workaround solution: blocking attacks with advanced system protection. GridinSoft Anti-Malware is the one you can rely on in this matter. This program will prevent any malware from getting into the system, before it can do any harm. While using an outdated version of Windows is not the best solution, employing an advanced anti-malware program can significantly reduce risks.

How to Remove a Virus From a Computer in Safe Mode
https://gridinsoft.com/blogs/remove-viruses-safe-mode/
Mon, 15 Jul 2024 14:36:17 +0000

In quite a few cases, you can see advice on using Safe Mode for malware removal. While generally good advice, this practice requires quite a bit of skill and knowledge of where to look for malicious files. And in some cases, the manual approach is counterproductive due to the complexity of the operation. But let me show you a step-by-step guide on how to remove malware in Safe Mode that should work against the vast majority of malicious programs.

Is Safe Mode Good for Malware Removal?

Despite being quite useful for malware removal operations, Safe Mode was not meant for this kind of activity. Its main purpose is troubleshooting: in this mode, Windows starts without quite a few modules, startup programs and things planned in Task Scheduler. This, however, is exactly what prevents malicious programs from executing, since the majority of them rely on either startup or the Scheduler.

Why would one need all this during malware removal? While active, viruses may block executable files from running, or overload the system making any operations impossible to accomplish. The latter is characteristic of coin miners and, in some cases, proxyware. This makes installing antivirus and anti-malware programs nearly impossible, and Safe Mode allows omitting these problems altogether.

How To Run Windows in Safe Mode

There are several ways to enter Safe Mode, which vary depending on certain factors. One particular thing I recommend sticking to is using Safe Mode with Networking, as it allows connecting to the Internet. If you are using Windows without a password on your user account, it will be much easier to get into Safe Mode. For Windows 10/11 without a user account password, you can follow these steps:

Method 1. Using the Restart Option

Click “Start”, click “Power”, and then click “Restart” while holding the Shift key.

In the menu that appears, select “Troubleshoot” → “Advanced options” → “Startup Settings” → “Restart”.

Then choose the Safe Mode with Networking and press the corresponding key (usually F4 or F5, depending on Windows version).

Method 2. Using Settings

Click “Start” and open “Settings”. In the left menu, click “System”, then scroll down and click “Recovery”.

Under “Recovery options”, select “Advanced startup” and click “Restart now”. Then follow steps 2 and 3 from the first method.

Method 3. Interrupting Normal Boot

Another way to get into Safe Mode is to interrupt the normal boot process three times in a row. In case of three consecutive unsuccessful boots, the OS will automatically enter the Windows Recovery Environment (WinRE), which is useful if you are unable to start Windows for some reason. After this, follow steps 2 and 3 from the first method.

Windows with a User Account Password

If your device is protected by a user account password, you will not be able to use the previous methods. This is related to Windows security and BitLocker, which encrypts all disks. The only way to enter Safe Mode in this case is through System Configuration. Follow these steps:

Press the Win key + R, and in the window that opens, type “msconfig”.

In the System Configuration window, go to the “Boot” tab. Under Boot options, check the “Safe boot” checkbox.

Click “Apply”, then click “Restart”. Now your system will default to booting in Safe Mode until you perform the first two steps again and uncheck the “Safe boot” checkbox.

How to Remove Malware and Viruses in Safe Mode?

If you’ve decided to remove malware from your device with the use of Safe Mode, you may need to know where to look for malware. There are several locations as well as visual signs that may help you with locating the threat. However, I still recommend combining this mode with an anti-malware scan, which I will show later.

Typically, the majority of malware follows certain patterns in where it stores its files. Knowing even a few key locations can help detect the threat in just a few clicks. Malware often uses temporary or hard-to-reach system folders, such as AppData\Roaming\Temp, the root directory of AppData\Roaming, and AppData\Local. By default, these folders are hidden from the user, so you need to enable the display of hidden files in the File Explorer settings to access them.

In addition to the location, it is important to pay attention to files with strange or unfamiliar names. Malware usually uses random combinations of letters or numbers to make its files look like some generic log files. Another thing to check is the digital signature certificates of the files, especially if there’s a suspicious-looking file that has a valid name. If the certificate issuance date lies in the future, or the issuer is an unrelated company, it is most definitely malware.
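The manual checks above (hidden AppData folders, odd file names, signature and certificate dates) can be gathered into one review list. The PowerShell sketch below is an added example, not part of the original article; the search depths, the extension list and the "random-looking name" rule are assumptions of this example, and plenty of legitimate programs in these folders are unsigned, so treat the output as items to look at, not as verdicts.

```powershell
# Added example, not from the original article. Read-only.

# Locations named in the article, with how deep to look under each one.
$targets = @(
    @{ Path = $env:APPDATA;                    Depth = 0 },   # root of AppData\Roaming
    @{ Path = (Join-Path $env:APPDATA 'Temp'); Depth = 2 },   # AppData\Roaming\Temp
    @{ Path = $env:LOCALAPPDATA;               Depth = 1 }    # AppData\Local
)
$extensions = '.exe', '.dll', '.scr'

function Test-NameLooksRandom {
    param([string]$BaseName)
    # Crude heuristic (assumption): 8+ alphanumerics that mix letters and digits.
    ($BaseName -match '^[A-Za-z0-9]{8,}$') -and
    ($BaseName -match '\d') -and
    ($BaseName -match '[A-Za-z]')
}

function Find-SuspectFile {
    $now = Get-Date
    foreach ($t in $targets) {
        if (-not (Test-Path -LiteralPath $t.Path)) { continue }

        # -Force includes hidden and system files, which Explorer hides by default.
        Get-ChildItem -LiteralPath $t.Path -File -Force -Depth $t.Depth -ErrorAction SilentlyContinue |
            Where-Object { $extensions -contains $_.Extension } |
            ForEach-Object {
                $sig   = Get-AuthenticodeSignature -LiteralPath $_.FullName
                $cert  = $sig.SignerCertificate
                $flags = @()

                if ($sig.Status -eq 'NotSigned')  { $flags += 'unsigned' }
                elseif ($sig.Status -ne 'Valid')  { $flags += "signature $($sig.Status)" }

                # Certificate whose validity starts in the future, as described in the article.
                if ($cert -and $cert.NotBefore -gt $now) { $flags += 'certificate dated in the future' }

                if (Test-NameLooksRandom -BaseName $_.BaseName) { $flags += 'random-looking name' }

                if ($flags.Count -gt 0) {
                    [pscustomobject]@{
                        File     = $_.FullName
                        Modified = $_.LastWriteTime
                        Signer   = if ($cert) { $cert.Subject } else { $null }   # judge "unrelated company" by eye
                        Flags    = $flags -join ', '
                    }
                }
            }
    }
}

Find-SuspectFile | Sort-Object Modified -Descending | Format-Table -AutoSize -Wrap
```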

However, detecting and removing malware manually is not only an extremely labor-intensive process but also not always effective. Malicious programs often create copies of themselves in the system and regenerate from them after deletion. This is why using specialized tools that automatically and reliably detect and remove malware is the best solution. As mentioned earlier, Safe Mode disables most Windows services, including Microsoft Defender. It cannot be enabled until you boot the computer in standard Windows mode.

To remove malware in this mode, you need to install third-party solutions. This is why network access is necessary after entering Safe Mode—the malware might block the installation. GridinSoft Anti-Malware is an excellent solution for removing malware in Safe Mode. The detection databases of this antivirus are updated hourly; additionally, it offers a Proactive Protection feature, which protects the system in the background after a normal system boot. Combined with the overall ease of use of the program, it becomes a great option for any system.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Windows Cannot Access The Specified Device, Path or File Error Fix Guide
https://gridinsoft.com/blogs/windows-cannot-access-the-specified-device-path-or-file-error/
Thu, 04 Jul 2024 23:02:21 +0000

Windows Cannot Access The Specified Device, Path or File is a system error that users may encounter while trying to run a program or open a folder. The error obviously flags an issue that the system has encountered while following the command, which may happen for a selection of reasons. Here, I will explain all the potential sources of that error and ways to fix it.

Windows Cannot Access Error Overview

There are quite a few reasons for this issue to appear, and, as its name implies, the reason for this is the system facing troubles with accessing what you ordered it to access. Most commonly, it follows the attempt to run a program, open a certain directory or an attached drive. The deeper reason for all this is the malfunction of certain system settings, account permissions, or sometimes hardware. In rare cases, it is a rather intended behavior of the system, particularly when the security system interrupts the normal operations.

Fixing steps for the issue will therefore differ quite a lot, and the user may need to go through multiple solutions to find what exactly is wrong. Unfortunately, it is pretty hard to say what exactly caused the issue, if we are not talking about digging through event logs and similar complicated stuff. Below, you will find the comprehensive list of solutions that target pretty much any possible source of the Windows Cannot Access issue.

Several specific cases of this error appear to refer to some of the popular online games, namely Valorant and League of Legends. Users complained about the issue preventing the game from running, despite the game launcher working fine.

Windows Cannot Access The Specified Device, Path or File: Ways to Fix

We begin with the least complicated fix options, as it is hard to get hold of realistic stats about which fix is the most effective. One should thoroughly follow the guide, as skipping steps can stop the solution from working.

Wait for an Update

In the actual case of Windows Cannot Access that I’ve just described, the only working remedy was just to sit and wait for the fix to appear. It may happen to pretty much any game, even the largest titles, and the developers will likely fix the problem in just a few hours. To be a good citizen, you can also report the issue on the game/app forum, unless it is already reported.

Run App as Administrator

Yes, this obvious step may sometimes help with solving the Windows Cannot Access problem. Either the user can lack access permissions for a specific directory the file is located in, or the program tries to access one, having only user privileges. It is a particularly common case when the program works with system files, ones from the C:\Windows folder.

Reinstall the Program

Among the most efficient advice for solving the Windows Cannot Access issue that happens to a specific program is to simply reinstall it. If the files were corrupted, any attempt to run the program will lead to the system stumbling on these bad files and showing the said pop-up notification.

Important! Do not try downloading any “fixes” for these bad files. Locating the problematic file may be tedious, and trying to source it from third party sites instead of the program installer is just yet another source of problems.

Create a New Shortcut

A particularly common case for this error to happen is when the user tries to run a program through a shortcut, but the executable file’s address has changed. Thus, the shortcut tries to run a non-existent file, causing errors. And to make it work properly, one should create this shortcut from scratch.

Open the folder of a program (or a file) you are trying to open. There, find the executable file (.exe extension) or the file you need, click it with the right mouse button, and find “Create shortcut”. For Windows 11, you may need to click the “Show more options” button to show the extended menu with this function.

Check for Correct Software Location

Similarly to the shortcut issue, you may have placed the software or a file you are trying to run on an attachable drive. All the shortcuts in this case will be functioning until you unplug the drive. If you have attachable drives, consider plugging them into the system and trying again. This is especially probable if you were installing certain software from that drive: programs often default to their installer directory.

Stop Third-Party Security Software

Among the other reasons for Windows having trouble accessing certain folders and files may be the interference from third-party software. In particular, antivirus programs are capable of disrupting access to certain folders, either while they are performing a scan or when the folder is considered malicious. Removing this block is possible only through stopping the antivirus from running.

Find it among the programs in the system tray, click the icon with the right mouse button, and choose “Exit” (or a similar option). This should stop the antivirus from running, at least until the next system reboot.

Disable PUA Protection

One more problem that stems from antivirus software, particularly from Microsoft Defender, is the app being blocked with the PUA protection feature. As the name suggests, it aims at preventing unwanted apps from running. Thing is – MS Defender is not ideal and may have false positives, leading to a genuine app being blocked.

To solve this, you can either create an MS Defender exclusion or disable the corresponding option in the Settings. The first one is recommended, as disabling the entire protection block for running a single app is a bit of an overkill. Open Windows Security, go to Virus and Threat Protection and click “Manage Settings”.

Here, scroll all the way down to find Exclusions, and click the Add or Remove Exclusions button to continue. The menu that follows is rather simple to use: just click the button and paste the location of the file that you cannot open correctly.

Upgrade File Permissions

In certain cases, it is not user permissions that do not allow the program to reach specific locations, but the lack of permissions of the program itself. This may happen particularly often in systems that have multiple users. Fortunately, to solve this, you don’t need to make any significant changes – just give the file additional permissions. Click the file that caused the Windows Cannot Access issue with the right mouse button, go to Properties → Security, and click on the account you are currently using. Now, deselect all the checkboxes from the column titled “Deny” (to the right).

This should disable any restriction that may stop the system from accessing the files and showing the error notification.

Enable Admin Permissions in Gpedit

In a selection of cases, the reason for the Windows Cannot Access error is the lack of user privileges. While this may be solved locally, for specific apps, as I’ve just shown above, the best option is to grant max permissions for all the user actions. To do this, you would need to go through the Group Policies Editor.

Important: Group Policies Editor is available ONLY in Windows 10/11 Pro and Enterprise editions. Home, Educational and other editions have the Editor blocked, making this part of the guide impossible to accomplish.

Press Win+R and type “gpedit.msc” – this will open the Group Policy Editor. Here, go to Local Computer Policy → Computer Configuration.

In this menu, find the Admin Approval Mode for Built-In Administrator. This policy is what allows us to skip the additional approvals and execute all the programs with admin permissions even for regular users. Set its value to Enabled, then press Apply and OK. Reboot for the changes to take effect, and try running the file again.

Check for Source Disk Integrity

One particular reason for the file corruption described in one of the paragraphs is disk issues. Despite how reliable modern disks are, there is still a possibility of a disk having a bad sector or cell. This step is less about fixing the existing issue than about detecting its source and preventing it in the future.

The interface of a disk check-up utility. Green and orange tiles in the image indicate disk damage.

Pick a disk check tool of your choice and scan all of your drives. I particularly recommend the free Victoria HDD tool, a renowned program of this kind. The presence of sectors with significant access delay, or even outright bad sectors, is what you may blame for the Windows Cannot Access issue. Most disk scanning software also offers to fix the issue by remapping the drive, so you will be able to fix all the issues without installing a lot of software. This, however, is far from being the only possible source of the problem.

Reinstall Windows

There are cases when the Windows Cannot Access error is an outcome of some severe system malfunctions. You can understand that this is the case when, aside from this error, you see your system going completely crazy: missing menus, reboots, random BSODs and overall bad system performance. In that case, all the aforementioned methods are unlikely to work, simply because the problem is deeper than file locations or misconfigurations. And the only and the best remedy here is to perform a clean system installation.

You can reinstall in whichever way you like: a clean install from a thumb drive, a restore point, a backup, or something else. I will only warn you against downloading system images from third-party sites, due to the risk of new problems or even malware.

Can the Windows Cannot Access Error be a Virus Sign?

Yes, this error may be caused by malware activity. Quite a few samples of malicious software mess with system and software settings to suit their own needs. In particular, such activity is characteristic of spyware, backdoors, dropper malware and sometimes ransomware. Most of them are rather hard to notice without specialized software, so I recommend scanning the system with GridinSoft Anti-Malware.

Please note that malware removal does not always fix the issue. Settings that have changed will remain the same, and one may need to go through the steps from above to get the system functioning correctly.

How to Secure Windows 10 from Hackers
https://gridinsoft.com/blogs/8-best-practices-windows-10-security/
Thu, 04 Jul 2024 08:36:35 +0000

Windows 10 boasts valuable features, providing comfortable tools for user PCs and safeguarding confidential data. However, to secure Windows 10 effectively, understanding its vulnerability due to its dominance in the market—with over 85% of user devices—is crucial. This operating system has many vulnerabilities that attackers actively exploit. Below is a useful guide with essential tips to help you enhance your Windows security.

Secure Windows 10: Useful Tips

1. Update Your Software Regularly

Regular updates are essential to secure Windows 10 from hackers. By updating Windows and all your software, you prevent hackers from accessing your computer. Developers create updates to shield private information by fixing code bugs and eliminating incompatibilities. As a result, larger software packages often contain vulnerabilities that hackers are more likely to discover and exploit.

Each time attackers discover new loopholes or methods to hack into systems, developers release new versions of these crucial updates. Unfortunately, many users neglect these updates, sticking with outdated software versions, which hackers exploit to breach security.


2. Turn on Your Firewall

The Windows Firewall is a robust network security system integrated into recent Windows operating systems, including Windows 10, designed to protect internal networks from external threats like intruders or malware. It scrutinizes both hardware and software, tracking incoming and outgoing traffic. The firewall allows or blocks data packets based on established security rules, acting as a crucial barrier to secure Windows 10 from any incoming threats.


Follow these steps to enable the Windows 10 Firewall and protect your computer:

1. Open Control Panel:

  • Click the Start menu.
  • Type Control Panel in the search bar and select it from the list of results.

2. Navigate to Windows Firewall:

  • In the Control Panel, click on System and Security.
  • Then click on Windows Defender Firewall.

3. Turn on Windows Firewall:

  • On the left side of the screen, click on Turn Windows Defender Firewall on or off.
  • Under both the Private network settings and Public network settings, select the option to Turn on Windows Defender Firewall.
  • Click OK to save your settings and activate the firewall.

3. Use Device Encryption or Bitlocker to Protect Your Hard Drive

Encryption works by scrambling data with a complex cipher that makes the information unreadable without the correct password. Many versions of Windows 10 Home include Windows Device Encryption. This feature allows you to encrypt files and folders on demand and create disk partitions to store encrypted bulk data, greatly enhancing your chances to secure Windows 10 and maintain the integrity of your files. However, be aware that using disk encryption utilities might slow down weaker systems or those equipped with HDDs, as these tools can impact performance.

Here are the steps to set up BitLocker on your Windows 10 device:

1. Check if BitLocker is Available:

  • Open the Control Panel.
  • Navigate to System and Security > BitLocker Drive Encryption.
  • If BitLocker is not available, your version of Windows may not support it, or your hardware may lack a Trusted Platform Module (TPM) chip.

2. Turn On BitLocker:

  • Choose the drive you want to encrypt from the list.
  • Click Turn on BitLocker.
  • BitLocker will check if your system meets the requirements for encryption.

3. Choose How to Unlock at Startup:

  • You will be asked how you want to unlock the drive at startup. Options typically include using a password or a smart card.
  • Choose Use a password to unlock the drive and enter a strong password.

4. Save Your Recovery Key:

  • BitLocker will prompt you to save a recovery key, which can be used to access your encrypted drive if you forget your password.
  • You can save it to your Microsoft account, a file, a USB drive, or print it.
  • It’s crucial to save the recovery key in a secure location separate from your computer.

5. Choose Encryption Options:

  • Select whether to encrypt the used disk space only (faster and best for new PCs and drives) or the entire drive (best for PCs and drives already in use).
  • Click Next to continue.

6. Start the Encryption Process:

  • Review your choices and click Start encrypting.
  • The encryption process can take several hours, depending on the size of the drive and the data stored on it.

Once BitLocker is enabled, your drive is protected. Every time you start your device, you will need to enter the password or have the smart card to access the encrypted drive. This ensures that your data is secure even if your device is lost or stolen.

4. Use a Secure Password Manager with Two-Factor Authentication (2FA)

Simple passwords make user accounts vulnerable to hacks, making it crucial to use passwords that combine a complex array of letters and characters for enhanced protection. Remembering all these complex passwords can be challenging, which is why it’s wise to use a password manager. These tools store, auto-fill, and generate passwords for you. Most password managers also support two-factor authentication (2FA), adding an extra layer of security. This additional step might involve something like a fingerprint, a confirmation code sent to your phone, or a facial scan—essential measures to secure Windows 10 against unauthorized access.


5. Enable Controlled Folder Access to Prevent Ransomware Attacks

Ransomware attacks are a significant threat to personal and organizational data security. Windows 10 offers a robust feature called Controlled Folder Access within Windows Defender Security Center. This feature helps protect valuable data from malicious apps and threats, such as ransomware. By default, it protects common folders where documents, pictures, videos, and files are stored, and you can also add additional folders to be monitored to enhance protection.

To enable Controlled Folder Access, simply go to the Windows Defender Security Center, click on ‘Virus & threat protection,’ and navigate to the ‘Ransomware protection’ section. From there, you can switch on Controlled Folder Access. This simple step can significantly secure Windows 10 by blocking unauthorized applications from making changes to your protected folders.

How to protect your files from ransomware attacks by enabling Controlled Folder Access:

1. Open Windows Security Settings:

  • Click on the Start menu.
  • Type Windows Security in the search bar and open the app.

2. Navigate to Virus & Threat Protection:

  • In the Windows Security window, click on Virus & threat protection.

3. Access Ransomware Protection:

  • Scroll down and find the Ransomware protection section.
  • Click on Manage ransomware protection.

4. Enable Controlled Folder Access:

  • In the Ransomware protection settings, find the Controlled folder access section.
  • Switch the toggle to On to enable Controlled Folder Access.

5. Manage Protected Folders:

  • After enabling Controlled Folder Access, you can add or remove folders that you want to protect.
  • Click on Protected folders and then use the Add a protected folder button to select folders on your computer that you wish to protect.

6. Allow Apps Through Controlled Folder Access:

  • If you have legitimate apps that need to make changes to protected folders, you can allow them through this feature.
  • Under Allow an app through Controlled folder access, click on Add an allowed app and select the app you trust to make changes to protected folders.

7. Review and Test:

  • Once you’ve configured your settings, review everything to ensure it’s set up correctly.
  • Test the feature by attempting to modify files in the protected folders with a non-allowed application to check if the access is correctly blocked.
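The GUI steps in tips 2, 3 and 5 can be verified from an elevated PowerShell prompt. The following audit script is an added example, not part of the original article; the function names `Get-HardeningStatus` and `Enable-BaselineProtection` are made up for this illustration, while the cmdlets are the standard NetSecurity, BitLocker and Defender ones.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): report the state of the firewall,
# BitLocker and Controlled Folder Access settings described in tips 2, 3 and 5.

function Get-HardeningStatus {
    # Tip 2: every firewall profile (Domain, Private, Public) should be enabled.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        [pscustomobject]@{
            Check  = "Firewall profile: $($fwProfile.Name)"
            State  = "$($fwProfile.Enabled)"
            Passed = ($fwProfile.Enabled -eq 'True')
        }
    }

    # Tip 3: the BitLocker cmdlets are absent on editions without BitLocker.
    if (Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue) {
        foreach ($vol in Get-BitLockerVolume) {
            [pscustomobject]@{
                Check  = "BitLocker: $($vol.MountPoint)"
                State  = "$($vol.ProtectionStatus), $($vol.EncryptionPercentage)% encrypted"
                Passed = ($vol.ProtectionStatus -eq 'On')
            }
        }
    }
    else {
        [pscustomobject]@{
            Check  = 'BitLocker'
            State  = 'BitLocker cmdlets not available on this edition'
            Passed = $false
        }
    }

    # Tip 5: Controlled Folder Access mode as stored by Microsoft Defender.
    $cfaNames = @{ 0 = 'Disabled'; 1 = 'Enabled'; 2 = 'AuditMode' }
    $mp  = Get-MpPreference
    $cfa = [int]$mp.EnableControlledFolderAccess
    [pscustomobject]@{
        Check  = 'Controlled Folder Access'
        State  = if ($cfaNames.ContainsKey($cfa)) { $cfaNames[$cfa] } else { "Mode $cfa" }
        Passed = ($cfa -eq 1)
    }

    # Step 6 of tip 5: every allowed app can write to protected folders,
    # so list each one for review and flag entries whose file is gone.
    $mp.ControlledFolderAccessAllowedApplications | Where-Object { $_ } | ForEach-Object {
        $exists = Test-Path -LiteralPath $_
        [pscustomobject]@{
            Check  = "Allowed app: $_"
            State  = if ($exists) { 'present on disk' } else { 'file missing (stale entry)' }
            Passed = $exists
        }
    }
}

function Enable-BaselineProtection {
    # Applies tips 2 and 5. Run with -WhatIf first to preview the changes.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess('all firewall profiles', 'enable')) {
        Set-NetFirewallProfile -All -Enabled True
    }
    if ($PSCmdlet.ShouldProcess('Controlled Folder Access', 'enable')) {
        Set-MpPreference -EnableControlledFolderAccess Enabled
    }
    # BitLocker is deliberately not switched on here: the recovery key has to
    # be saved somewhere safe first (step 4 of the BitLocker procedure).
}

Get-HardeningStatus | Format-Table -AutoSize -Wrap
```

Rows with `Passed` set to `False` point at the tip that still needs attention; `Enable-BaselineProtection -WhatIf` shows what would change without changing it.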

6. Keep Your Browsing Private with a VPN, Especially on Public Wi-Fi

Using a VPN can significantly enhance your privacy and anonymity online by creating a private network from a public Internet connection. This security method not only masks your IP address but also makes your online activities nearly impossible to track. Moreover, a VPN provides a more encrypted and secure connection than a typical Wi-Fi hotspot. By creating a secure tunnel, a VPN helps conceal your browsing activities, allowing you to access region-blocked websites without exposure. This is an essential step to secure Windows 10 when using public WiFi.


7. Avoid Dangerous Pop-Ups

Although pop-up windows may seem merely annoying—wasting your time and slowing down your PC—they can also pose serious risks by infecting your device with malware. These pop-up banners are harmless until you click on them, which activates their damaging effects. Therefore, it’s crucial to be discerning about what you click on. To protect yourself, consider using an ad blocker or avoid visiting sites known for dubious pop-ups. If ad blockers don’t cut it, your device might already be compromised by malware. Scan your device with anti-malware software to eliminate any such threats and further secure Windows 10.

Pop-ups that have no relation to the original page

8. Install Anti-malware

Antivirus software will be your next level of protection against malware. For example, GridinSoft Anti-Malware can remove all malware from your computer. In addition, it scans the system for viruses, spyware, and adware and prevents rootkits or backdoors from invading your PC.

Download and install Anti-Malware. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the action that the anti-malware program applies to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection: malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Our tool can work without conflict with other antivirus programs as additional protection. GridinSoft Anti-Malware can free the user’s browser from third-party control and return it to its working state.

Sihost.exe
https://gridinsoft.com/blogs/what-is-sihost-exe/
Thu, 20 Jun 2024 20:14:43 +0000

Sihost.exe is a crucial background process for Windows 11/10 that governs essential features like the context menu and action center. However, it can sometimes malfunction and disrupt system stability. In this article, we unravel the essence of Sihost.exe and equip you to eliminate troubles within your system.

Sihost.exe – What is It?

Windows has many background processes, each of which is responsible for something. The Sihost.exe process (Shell Infrastructure Host file) is a critical executable file that runs various system processes. It is involved in the following features: the Start menu, the context menu, action center, Cortana, File Explorer, etc.

It is essential to understand that Sihost.exe is not a virus. It is a legitimate system process, which you should not stop or delete due to its importance to the system’s stability. However, its name can nonetheless be used by malware to get a better disguise in the system. You can observe this file in Task Manager in the list of Windows processes. To do this, launch Task Manager, go to the “Processes” tab, sort them by name, and scroll down to the “Windows processes” section. Then scroll down some more, and you will see “Shell Infrastructure Host”. In a normal state, this process does not load the system in any way and uses about 6 MB of RAM and negligible amounts of CPU.
Sihost.exe in Task Manager

Is Sihost Malware?

As I wrote above, malware sometimes masquerades as a legitimate Windows process, using the name of Sihost.exe in particular situations. However, even a legitimate file may consume more resources in some specific cases.

Checking Sihost.exe Location & Properties

To ensure the process is legitimate, let’s review the sihost.exe instance. First, check its properties through the Task Manager. For this, click with the right mouse button and opt for “Properties.”


There, click on the “Details” tab and ensure it says Microsoft Corporation before copyright.


The next step is to look at the sihost.exe location. Close the previous file properties window, right-click on the process, and select “Open File Location.”


By default, the file is located at C:\Windows\System32\. If the file location differs, there is a chance that the name of Sihost is used by malware. We recommend scanning your computer with GridinSoft Anti-Malware.

Sihost.exe in System32 folder

Fix Sihost.exe High CPU Usage

Suppose your file is legitimate after running the tests but consumes an abnormally high amount of resources. In that case, you can perform the following steps:

Reboot your PC. This is an obvious and trivial tip, but it solves a lot of problems. If the problem hasn’t gone away after rebooting or reappears after a while, move on to the next step.

Run the System File Checker tool (SFC.exe). Some user or software actions can adversely affect system files. Restoring important system files should solve such problems. To do this, open Start and type “cmd”, then click “Run as administrator”. Next, paste “DISM.exe /Online /Cleanup-image /Restorehealth” into the command prompt window. This action will check your system files and, if necessary, download them from the Windows Update Center.
System File Checker tool

Reinstall Microsoft Redistributable Packages. These packages are necessary for some programs to work, but they can cause the Shell Infrastructure Host to become unstable. To do this, uninstall all installed packages, download the installation file from the Microsoft website, and reinstall it.


Reinstall the Photos app. Previously, a memory leak bug caused the excessive resource usage of Sihost. You can follow these steps if you encounter the same problem on your computer. First, uninstall the Photos app from your device. Then, open the Microsoft Store and download the app again. This should resolve the issue.

Uninstall photos app

If the above steps do not solve the situation, I recommend running a malware scan on your system. To do this, download Gridinsoft Anti-Malware and run the scan.


SearchHost.exe – Is SearchHost a virus?
https://gridinsoft.com/blogs/searchhost-high-memory-cpu-gpu/
Wed, 19 Jun 2024 10:47:05 +0000

SearchHost is a process responsible for indexing the Start menu and Explorer search files in Windows 10/11. It allows you to conveniently search for files on your computer by indexing their contents. However, this process can be spoofed by a coin miner or malware that uses its name to masquerade on your system. How to know if this process is a virus? And what should I do in the case of searchhost.exe high memory and GPU usage? Here is our detailed guide.

What is SearchHost.exe?

SearchHost.exe is a process that is part of the Windows Search Indexer service. This service starts automatically at system startup and runs in the background. It scans the files on your computer and creates an index that speeds up searching for files through the start menu and Explorer. You can customize the indexing settings by choosing which folders and file varieties to include or exclude from the index. It is also possible to pause or resume indexing at any time.

Typically, SearchHost.exe is located in the C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy folder. This is the default location for this process, and if you find it in a different folder, it could be a sign of a virus. SearchHost.exe is not essential to the operation of the system, but it is useful for the convenience of finding files. If you don’t use search often, you can disable the Windows Search Indexer service that SearchHost.exe belongs to in order to save system resources.
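The manual checks described for Sihost.exe (signer and file location) and for SearchHost.exe (default folder) can be run against every live instance at once. The script below is an added example, not code from the original article; the function names are made up for this illustration, and the expected paths are the ones the article gives.

```powershell
# Added example (not from the article): flag processes that carry a Windows
# system process name but run from an unexpected path or lack a valid
# Microsoft signature. Expected paths are the ones stated in the article.
$ExpectedImage = @{
    'sihost.exe'     = Join-Path $env:windir 'System32\sihost.exe'
    'SearchHost.exe' = Join-Path $env:windir 'SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe'
}

function Test-SystemProcessImage {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $ExpectedPath,
        [string] $ExecutablePath,   # empty when the caller lacks access
        [int]    $ProcessId
    )
    $reasons = @()
    $signer  = $null

    if ([string]::IsNullOrEmpty($ExecutablePath)) {
        $reasons += 'image path unavailable (run from an elevated prompt)'
    }
    else {
        # -ne compares strings case-insensitively, which suits Windows paths.
        if ($ExecutablePath -ne $ExpectedPath) {
            $reasons += "unexpected location (expected $ExpectedPath)"
        }
        if (Test-Path -LiteralPath $ExecutablePath) {
            $sig = Get-AuthenticodeSignature -LiteralPath $ExecutablePath
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            if ($sig.Status -ne 'Valid') {
                $reasons += "signature status: $($sig.Status)"
            }
            elseif ($signer -notlike '*O=Microsoft Corporation*') {
                $reasons += 'signed, but not by Microsoft Corporation'
            }
        }
        else {
            $reasons += 'image file no longer exists on disk'
        }
    }

    [pscustomobject]@{
        Name       = $Name
        ProcessId  = $ProcessId
        Path       = $ExecutablePath
        Signer     = $signer
        Suspicious = ($reasons.Count -gt 0)
        Reasons    = ($reasons -join '; ')
    }
}

function Get-SystemProcessReview {
    # One result per running instance; a name with no running process
    # (for example SearchHost.exe on some Windows 10 builds) yields nothing.
    foreach ($name in $ExpectedImage.Keys) {
        Get-CimInstance -ClassName Win32_Process -Filter "Name = '$name'" |
            ForEach-Object {
                Test-SystemProcessImage -Name $name -ExpectedPath $ExpectedImage[$name] `
                    -ExecutablePath $_.ExecutablePath -ProcessId $_.ProcessId
            }
    }
}

Get-SystemProcessReview | Format-List
```

An instance with `Suspicious : True` is the case the article describes as a reason to scan the machine; do not delete the file before checking it.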

High CPU/GPU and memory usage – Why does this happen?

SearchHost is responsible for indexing the Start Menu and Explorer search files in Windows. Typically, this process does not require a lot of computation power, but there are certain situations here when things are different.

SearchHost High CPU Consumption

During the initial indexing process, Searchhost.exe may create quite a load on your CPU, especially on weaker systems. If it is uncomfortable to use the system, you can do the following:

  1. Wait for indexing to finish. You can see the indexing progress in the Search and indexing settings. This can take from a few minutes to a few hours, depending on the number and size of files on your computer.
  2. Pause the indexing process. You can pause indexing for 15 minutes, 1 hour, or until your computer restarts. To do this, right-click on the search icon in the taskbar and select Suspend Indexing.
  3. Customize indexing options. You can choose which folders and types of files to include or exclude from the index. To do this, open the search and indexing settings and click “Advanced”. You can also change the indexing schedule so that it happens at a time that is convenient for you. This way, you may reduce the time required to finish the indexing or decrease the load it creates.
  4. Disable the Windows Search Indexer service. You can turn off the Windows Search Indexer service if you don’t use search often or don’t need to index files:
    • Open the Services Manager, find the Windows Search service, right-click on it, and select Stop.
    • Then right-click on it again and select “Properties”.
    • In the “Startup Type” field, select “Disabled” and click “OK”.
  5. In case you cannot manually disable this service, you can prevent SearchApp.exe from running by following the instructions below:
    • Type cmd in the search box and click Run as administrator to open an elevated Command Prompt.
    • In the Command Prompt window, type the command below and press Enter to execute it. This changes the current directory to the SystemApps folder.
      cd %windir%\SystemApps\
    • Then, execute the following command to terminate the process.
      taskkill /f /im SearchApp.exe
    • Finally, execute this last command, which renames the package folder:
      move Microsoft.Windows.Search_cw5n1h2txyewy Microsoft.Windows.Search_cw5n1h2txyewy.old

SearchHost High GPU Consumption

The SearchHost.exe process may actively load your discrete video card to index new files and features. This is particularly a thing in Windows 10 past the 2004 update. The system uses the GPU to perform the same indexing operations, though it is not always desirable for the user. You can disable the service in the same way as in the case with high CPU load – see the instructions above.

Additionally, to completely remove Cortana, run this command in an Administrator-level PowerShell:
Get-AppxPackage -AllUsers Microsoft.549981C3F5F10 | Remove-AppxPackage

SearchHost High Memory Consumption

If SearchHost.exe is taking up a lot of memory, you can do the following:

Indexer Troubleshooting

Run Search and Indexer Troubleshooting. You can run search and indexing troubleshooting, which can fix some errors and problems related to the operation of the Windows Search Indexer service.

  1. Open the Search and Indexer settings and click on “Troubleshoot search and indexing”.
  2. After the verification process, you will be prompted to restart your computer if required.
  3. Run the SFC command. This can check and repair corrupted system files that may be affecting the Windows Search Indexer service.
  4. Open a Command Prompt as administrator and type: sfc /scannow
  5. Wait for the scan to finish and restart your computer.

Defragment the disk

This will improve the speed and performance of your computer. Disk defragmentation merges fragmented files that take up more space and slow down access to them.

  1. Open Explorer.
  2. Right-click on the disk you want to defragment and select “Properties”.
  3. Choose the “Tools” tab and click on “Optimize”.

Check your computer for malware

If you find any inconsistencies, do not rush to delete the file, as it may lead to undesirable consequences. First, check it for viruses. Consider performing a full system scan with quality antivirus software like Gridinsoft Anti-Malware and remove all detected threats. You can also check the process file for viruses using an online service such as Online Virus Scanner.


WinRing0x64.sys
https://gridinsoft.com/blogs/winring0x64-sys-process/
Wed, 19 Jun 2024 09:33:42 +0000

WinRing0x64.sys is a low-level driver that is used by specific applications. The file itself is not malicious, but malware can abuse this driver. Next, we will find out who uses WinRing0x64.sys and why, and answer the question of whether it can be removed.

WinRing0x64 Overview

WinRing0x64.sys is a crucial software component that allows applications to gain low-level access to hardware components for system monitoring or overclocking purposes. It bypasses high-level interfaces provided by the operating system to interact directly with the hardware. This makes it essential for applications that require this type of access. Most often, this driver uses software that controls RGB backlighting. As a result, the process will appear in Task Manager.

Legit file properties screenshot

It is essential to understand that WinRing0x64.sys is not malicious. Although it is generally safe and helpful for specific applications, it can pose potential risks if misused. For example, direct hardware access is exceptionally useful to malicious miners. Because the driver allows access at such a low level, malicious software could exploit it to gain control over hardware components. And since it is a valid Windows driver, such a trick makes the malware harder to detect.

WinRing0x64.sys – What Software Uses It?

As I said above, WinRing0x64.sys is most often used by software for backlight control and hardware overclocking. Noriyuki MIYAZAKI, MasterPlus, EVGA Precision, and Intel Processor Diagnostic Tool are the most common programs. Because the way this driver is used resembles malware behavior, some antivirus solutions erroneously block it, much like Usermode Font Driver Host.

This driver is not mandatory for Windows, so it can be removed. In practice, however, it is deactivated by uninstalling the software that uses the driver. Depending on the software, it may be located in a subfolder of “C:\” or sometimes in a subfolder of the user’s profile folder or the folder with the installed program. Although the driver does not have its own window, it may appear in the running processes in Task Manager.

Is WinRing0x64.sys Malware?

Although WinRing0x64.sys is a legitimate driver, it is sometimes detected as a trojan. For example, some users complained that their antivirus blocked winring0x64.sys after they installed EVGA Precision overclocking software for graphics adapters. To understand whether a file is malicious or not, you need to weigh several factors, such as how many resources the process consumes, whether any installed software needs this driver, etc.

Suspicious process in the task manager screenshot

Suppose you downloaded video card software from an official website, and it is detected as a trojan. This is most likely a false positive. On the other hand, if you have a laptop with Intel HD graphics but there is WinRing0x64.sys in Task Manager, it is a reason to dig deeper. Although WinRing cannot load the system to 100%, it can allow other processes to do this. So, if a suspicious process on your system consumes an abnormal amount of resources and you see WinRing0x64.sys among running processes, this is a red flag. In such a case, I recommend running a full scan with Gridinsoft Anti-Malware.
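One way to collect the facts this comparison relies on (is the driver registered, is it running, where does the file live, who signed it) is the PowerShell function below. It is an added example, not part of the original article; the function name `Get-WinRing0DriverReport` is hypothetical, and matching on the string `WinRing0` in the service name or image path is an assumption about how the driver is registered.

```powershell
# Added example (not from the original article): list every registered kernel
# driver whose name or image path mentions WinRing0, with the details needed
# to judge it: running state, file location, signer and hash.
function Get-WinRing0DriverReport {
    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.Name -match 'WinRing0' -or $_.PathName -match 'WinRing0' }

    foreach ($d in $drivers) {
        # Driver paths may be stored in NT form (\??\C:\... or \SystemRoot\...).
        $path = "$($d.PathName)" -replace '^\\\?\?\\', ''
        $path = $path -replace '^\\SystemRoot', $env:SystemRoot

        $exists = $path -and (Test-Path -LiteralPath $path)
        $sig  = if ($exists) { Get-AuthenticodeSignature -FilePath $path }
        $hash = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
        $ver  = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo }

        [pscustomobject]@{
            Service    = $d.Name
            State      = $d.State        # Running or Stopped
            StartMode  = $d.StartMode
            Path       = $path
            FileExists = [bool]$exists
            SigStatus  = $sig.Status     # Valid, NotSigned, HashMismatch, ...
            Signer     = $sig.SignerCertificate.Subject
            Company    = $ver.CompanyName
            SHA256     = $hash
        }
    }
}

Get-WinRing0DriverReport | Format-List
```

Compare the reported path with the monitoring, overclocking or RGB software actually installed: a running instance that no installed program accounts for is the case the article says to dig into.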

GridinSoft Anti-Malware main screen

Download and install Gridinsoft Anti-Malware. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. You can adjust the action the antimalware program takes for each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection: malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

Antimalware Service Executable
https://gridinsoft.com/blogs/antimalware-service-executable-high-cpu-memory-fix/
Fri, 14 Jun 2024 18:12:38 +0000

The post Antimalware Service Executable appeared first on Gridinsoft Blog.

Antimalware Service Executable is a system process that belongs to Windows Defender. Usually, it does not cause any issues, and the user does not notice it. In some cases, it can consume an abnormal amount of resources. I have compiled some practical solutions to address this problem in this article.

What is Antimalware Service Executable?

The Antimalware Service Executable is a core process of Microsoft Windows Defender, the built-in antivirus software in Windows. This process, also known as MsMpEng.exe, runs in the background to provide real-time protection against malware and other security threats. However, some Internet users complain that this process consumes an excessive amount of resources at times, which causes discomfort when using the PC.

Antimalware service executable high cpu

There are several factors responsible for this. First, Defender periodically performs a full scan, analyzing every file in the system. Such a process requires a lot of resources, so some devices start to slow down. Second, like most modern anti-malware solutions, Defender uses heuristic detection to check certain elements with special attention, potentially causing temporary system slowdowns.

Although all anti-malware solutions consume a significant amount of resources during a scan, none of the third-party ones have an annoying habit of starting the scan sporadically. Also, due to certain bugs, Defender may simply hang at a certain point of the scanning process, keeping the resource consumption high. Let me explain how to fix such behavior.

Resolving Antimalware Service Executable High CPU Consumption

There are several ways to solve the problem of excessive resource consumption by Defender. They are not complicated, but they do require some action from the user:

Disable Scheduled Scans in Task Scheduler

The main reason for Antimalware Service Executable high CPU consumption is that Defender runs a full scan, regardless of whether the user is actively using the device or the system is idling. The solution is to set a specific time for Defender to perform a full system scan. This is something like Active Hours in the Windows Update section, which does not apply to Defender’s activity for some reason. To change the scan schedule, press Start, type “Task Scheduler”, and open it.

Antimalware Service Executable high memory

In the left pane, click Task Scheduler Library, then navigate to Library→Microsoft→Windows→Windows Defender. When you open the Windows Defender folder, you will see Windows Defender Scheduled Scan, Windows Defender Cache Maintenance, Windows Defender Cleanup, and Windows Defender Verification in the middle pane. All four of these tasks need to undergo the following procedure.

Disable scheduled scans Defender

We will start with Windows Defender Scheduled Scan. Double-click on it, click the Conditions tab, and uncheck all options to clear scheduled scans.

Disable scheduled scans, enable triggers

Now, you must create a trigger to call a task at a certain time. To do this, go to the “Triggers” section and click “New…”.

Select a time that will not interfere with your activities, choose “Daily”, and set how often Defender will perform the scan (by default, it is recurring every day), then click “OK”. If you do not need the scans to happen at all, you can just keep this parameter at “Disabled”. Repeat these actions for each item.
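The same Task Scheduler change can be scripted. The block below is an added example, not part of the original article: it clears the Conditions options and sets one daily trigger on every task in the Windows Defender folder, then prints the result. The 03:00 start time is an assumption to replace with your own, and the session must be elevated.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell.
# Assumption: scans should start daily at 03:00; change $scanTime to suit.
$taskPath = '\Microsoft\Windows\Windows Defender\'
$scanTime = '03:00'

foreach ($task in Get-ScheduledTask -TaskPath $taskPath) {
    # Conditions tab: clear the idle, power and network conditions.
    $s = $task.Settings
    $s.RunOnlyIfIdle              = $false
    $s.DisallowStartIfOnBatteries = $false
    $s.StopIfGoingOnBatteries     = $false
    $s.RunOnlyIfNetworkAvailable  = $false
    $s.WakeToRun                  = $false

    # Triggers tab: a single daily trigger at the chosen time.
    $trigger = New-ScheduledTaskTrigger -Daily -At $scanTime

    Set-ScheduledTask -TaskPath $task.TaskPath -TaskName $task.TaskName `
        -Settings $s -Trigger $trigger | Out-Null
}

# Verify what is now configured for each of the tasks.
Get-ScheduledTask -TaskPath $taskPath | ForEach-Object {
    [pscustomobject]@{
        Task     = $_.TaskName
        State    = $_.State
        Triggers = ($_.Triggers | ForEach-Object { $_.StartBoundary }) -join ', '
        OnlyIdle = $_.Settings.RunOnlyIfIdle
        NextRun  = ($_ | Get-ScheduledTaskInfo).NextRunTime
    }
} | Format-Table -AutoSize
```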

Exclude MsMpEng.exe from Scans

One particular place where Microsoft Defender may have issues is scanning its own files. The program's top-level privileges apparently conflict with each other when it comes to scanning its own files. To fix this silly issue, open Task Manager and find Antimalware Service Executable in the processes list. Right-click on it and select Open File Location in the drop-down menu.

MsMpEng.exe file location

In the opened window, you need to copy the full path of the Antimalware Service Executable. Click on the address bar with the right mouse button and press “Copy path”.

MsMpEng copy path

Now launch Windows Defender. Type Windows Defender into the Start Menu search bar and open the first result.

Windows Defender screenshot

In the opened Windows Defender Security Center, go to “Virus & threat protection” → Virus & threat protection settings.

MS Defender set exclusions

Scroll the settings down to Exclusions and click “Add or Remove exclusions”. On the opened screen, press “Add an exclusion”, select Folder, and paste the path from your clipboard. Click Open, and Windows Defender will no longer scan the folder where Antimalware Service Executable is located.

Disabling the On-run Protection

This method is the quickest, but it is a temporary solution, as it disables Defender's background protection only until the next system startup. Open Defender, click “Virus & threat protection”, and select “Manage settings”. Switch all the toggles to the “Off” position.

Defender protection settings screenshot

Completely Disable Windows Defender

I strongly advise against completely disabling Defender, as it puts your system at risk. However, if you accept all the risks, follow the instructions carefully, as changing various registry settings can lead to serious system problems.

Regedit

In the opened Registry Editor, navigate to the following path using the navigation pane on the left side of the window: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

DisableAntiSpyware registry entry

Right-click the right pane of the Registry Editor window and, in the dropdown menu, select: New → DWORD (32-bit) Value. Name this entry DisableAntiSpyware. Double-click the entry and set its value to 1.
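The exclusion, protection-toggle and registry steps above all lower Defender's coverage, so it helps to be able to see at a glance which of them are in effect on a machine. The read-only report below is an added example, not part of the original article; the function name `Get-DefenderProtectionReport` and the rule for flagging broad exclusions are assumptions made for illustration.

```powershell
# Added example (not from the original article): read-only report of the
# Defender settings touched by the steps above. Run elevated, otherwise
# Get-MpPreference does not reveal the exclusion lists.
function Get-DefenderProtectionReport {
    $status = Get-MpComputerStatus
    $pref   = Get-MpPreference

    # Policy value created in the registry step; absent on an unmodified system.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $das = (Get-ItemProperty -Path $key -Name DisableAntiSpyware `
                -ErrorAction SilentlyContinue).DisableAntiSpyware

    # Flag exclusions that cover a whole drive or Defender's own folders
    # (assumed rule for this example).
    $broad = @($pref.ExclusionPath | Where-Object {
        $_ -match '^[A-Za-z]:\\?$' -or $_ -match 'Windows Defender'
    })

    [pscustomobject]@{
        AntivirusEnabled          = $status.AntivirusEnabled
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        BehaviorMonitorEnabled    = $status.BehaviorMonitorEnabled
        TamperProtected           = $status.IsTamperProtected
        ExclusionPath             = @($pref.ExclusionPath)
        ExclusionProcess          = @($pref.ExclusionProcess)
        BroadOrSelfExclusions     = $broad
        # Microsoft documents this value as ignored by current Defender
        # versions on client editions: it is reported as configured, which
        # is not the same as enforced.
        DisableAntiSpywarePolicy  = $das
    }
}

Get-DefenderProtectionReport | Format-List
```

An exclusion or a `DisableAntiSpyware` value that nobody on the machine remembers adding deserves the same scrutiny as an unexpected detection.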

Use an Alternative Solution

If you still decide to stop using Windows Defender, you can use alternative solutions from third-party developers. GridinSoft Anti-Malware is an excellent alternative to the standard Windows solution. Moreover, it has several advantages, including optimization—the application consumes a moderate amount of resources during a full scan, allowing for comfortable use even on devices with less powerful hardware.

Additionally, GridinSoft Anti-Malware includes an Internet Security module, which blocks phishing and potentially unsafe websites. Furthermore, using this tool does not require disabling Windows Defender, allowing you to use both solutions simultaneously, complementing each other.
