Windows 11 Archives – Gridinsoft Blog

Werfault.exe Error
https://gridinsoft.com/blogs/werfault-exe-error-troubleshooting/
Tue, 10 Sep 2024 16:28:15 +0000

Werfault.exe is a system process used to collect information about program errors, which helps diagnose and resolve issues to improve the user experience. In certain cases, it can repeatedly crash, displaying an error message, and also be used by malware.

What is Werfault.exe?

Werfault.exe is a Windows Error Reporting (WER) process. It is responsible for handling error reporting in Windows operating systems. WerFault.exe was first released on 11/08/2006 for Windows Vista and is still present in Windows 10 and 11. WerFault.exe errors arise when loading WerFault fails, either during the start of the application or, in some cases, while the application is running.

Thus, when a program encounters an error, Werfault collects information about it. It includes the program causing the error, the nature of the error, and system information. Next, Werfault offers options for sending this information to Microsoft for analysis. This will help Microsoft improve the stability and reliability of Windows (probably). Werfault.exe typically runs in the background and should not usually require user interaction unless prompted by an error.

Fix Werfault.exe Application Error

A Werfault.exe error usually means an issue with the Windows Error Reporting process or an application causing it to crash. However, it’s nothing to worry about if it only happens one or two times!

Werfault.exe Application Error
Werfault.exe Application Error itself

But if the WerFault.exe error occurs repeatedly and causes trouble, or if the process uses a relatively large share of CPU time in Task Manager, you should take action to resolve it. Here are some steps that you can take to try and fix this issue:

Step 1. Update Windows

Windows constantly improves to enhance its stability and reduce program crashes. To achieve this goal, Microsoft provides regular security updates and bug fixes. You may encounter security issues and bugs if you don’t install these updates. A couple of particular Windows updates broke WerFault, which Microsoft addressed in further patches. To check for updates, press the Windows key + I and click “Windows Update”. If there are any updates available, download and install them.

Windows Update
If you can see this, you’ve done it right.

Step 2. Run the Windows SFC Scan

The SFC tool repairs corrupt system files that can cause Werfault.exe errors. Press Windows key + R, type “cmd”, and hit Ctrl+Shift+Enter to open Command Prompt as administrator. Next, type or paste “sfc /scannow” into the Command Prompt and press Enter.

sfc command

After completing the scan, Windows will attempt to repair any corrupt files. Finally, restart your device and check if the error is corrected. If the scan finds corrupt files, but Windows is unable to repair them, try repairing corrupt system files using repair tools.

Important note! Avoid downloading and copying WerFault.exe to your Windows system directory from third-party sites. Microsoft typically does not release standalone Windows EXE files for download because they are already bundled together inside a software installer. Copying such a file into the system may cause instability and stop your program or OS from functioning.

Step 3. Use Repair Mode

Restart your PC while holding the Shift key; this will boot the device into Automatic Repair. Select Advanced options to enter WinRE and choose your language. Next, select the Troubleshoot and Advanced options.

Command prompt in the recovery mode

Select Command Prompt, log in with your account and run the commands below.

chkdsk X: /f
bootrec /fixmbr
bootrec /fixboot
bootrec /scanos
bootrec /rebuildbcd

📖 Note: If you installed a system update shortly before the system started behaving abnormally, you can use “Uninstall Updates” to uninstall recent updates (which include Quality updates and Feature updates; try both).

Step 4. Try to Find Malware

While Werfault.exe is a legitimate executable file, its activity may be attributed to malicious software. Hackers abuse the WerFault.exe tool through the DLL sideloading technique to deploy malware onto compromised systems. This method allows them to infect devices discreetly without triggering antivirus alarms. During this exploitation, you may see the said errors coming from WerFault.exe, as well as the process itself in the Task Manager.

Malware can sometimes exploit genuine processes in its activity. This can cause program crashes and, in some cases, trigger the werfault.exe error. I recommend GridinSoft Anti-Malware; it is best suited to detect and remove even sophisticated malware.
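One way to check for the abuse described above, as an added example rather than Gridinsoft's own code: the PowerShell below inspects every running WerFault.exe and reports its path, its signature and any modules loaded from outside the Windows directory. It assumes the genuine binary lives only in System32 and SysWOW64; the function name Test-WerFaultProcess is made up for this example.

```powershell
# Added example, not Gridinsoft code. Read-only; run from an elevated PowerShell prompt.
# Assumption: genuine WerFault.exe lives only in these two directories.
$systemDirs = @(
    (Join-Path $env:windir 'System32'),
    (Join-Path $env:windir 'SysWOW64')
)

function Test-WerFaultProcess {
    param([Parameter(Mandatory)] $Process)    # a Win32_Process CIM instance

    $report = [ordered]@{
        ProcessId      = $Process.ProcessId
        ParentId       = $Process.ParentProcessId
        Path           = $Process.ExecutablePath
        InSystemDir    = $false
        SignatureState = 'NotChecked'
        Signer         = $null
        ForeignModules = @()
        Verdict        = 'Review'
    }

    if (-not $report.Path) {
        # The path is hidden when the caller lacks rights to query the process.
        return [pscustomobject]$report
    }

    # -contains compares strings case-insensitively, so C:\WINDOWS matches C:\Windows.
    $report.InSystemDir = $systemDirs -contains (Split-Path -Path $report.Path -Parent)

    $sig = Get-AuthenticodeSignature -LiteralPath $report.Path
    $report.SignatureState = $sig.Status.ToString()
    if ($sig.SignerCertificate) { $report.Signer = $sig.SignerCertificate.Subject }

    # DLL sideloading shows up as modules loaded from outside the Windows directory.
    try {
        $modules = (Get-Process -Id $Process.ProcessId -ErrorAction Stop).Modules
        if (-not $modules) { throw 'empty module list' }
        $report.ForeignModules = @($modules |
            Where-Object { $_.FileName -and $_.FileName -notlike "$($env:windir)\*" } |
            ForEach-Object { $_.FileName })
    } catch {
        # Process exited or access was denied: leave the verdict at Review.
        $report.ForeignModules = @('<module list not readable>')
    }

    $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                         ($report.Signer -match 'O=Microsoft Corporation')
    if ($report.InSystemDir -and $signedByMicrosoft -and $report.ForeignModules.Count -eq 0) {
        $report.Verdict = 'OK'
    }
    [pscustomobject]$report
}

$instances = @(Get-CimInstance -ClassName Win32_Process -Filter "Name = 'WerFault.exe'")
if ($instances.Count -eq 0) {
    'No WerFault.exe process is running right now.'
} else {
    $instances | ForEach-Object { Test-WerFaultProcess -Process $_ } | Format-List
}
```

Any instance with the verdict Review deserves a closer look at its path, parent process and listed modules before anything is deleted.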

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

AMD Ryzen CPUs Slowed Down by Windows 11 Bug
https://gridinsoft.com/blogs/amd-ryzen-cpu-windows-11-privileges/
Thu, 15 Aug 2024 16:22:03 +0000

The recent release of the AMD Ryzen 9000 CPU lineup created quite a fuss around the new processors having lackluster performance uplifts over previous generations. One particular area where the results are especially bad is gaming: instead of the expected 15-20% improvements, gamers are getting mere 3-5% gains. AMD found an explanation: it turns out that privileges on Windows accounts may affect the new processors’ performance. Let me tell a bit of the back story and show how to gain up to a 10% FPS boost with just 1 command.

What is the problem with Ryzen 9000 CPUs?

There is a rather significant backlash going on right now around the Ryzen 9000 series, the latest AMD CPU lineup. Long story short – the company promised performance boost numbers that the new processors failed to provide. Not only users, but renowned YouTube channels found the performance difference shameful and not even near what was promised in promo materials.

Trying to find the reason, AMD has discovered a bug in Windows 11 that affects CPU performance across the board. Although they’ve claimed it affects only new Zen 5 CPUs, the bug apparently causes issues on Zen 4 processors to the same degree. Which leads users back to the question “why Zen 5 CPUs have so little performance uplift”, but we’re not talking about that right now. What is more interesting and important is AMD’s guide on how to mitigate the said bug and get the full performance.

How to boost AMD CPU gaming performance on Windows 11?

The problem that AMD blames apparently sits in Windows low-level power management, which depends on user privileges. Having a user- or normal admin-level account effectively leads to decreased high-frequency burst times and less-than-expected performance. There is a so-called “super-admin” profile in Windows, which does not show up by default. Using it allegedly removes any power restrictions and allows getting the full potential of the CPU. Now, let me show you how to get into that super-admin account.

Go to Search and type “Command Prompt”; run it as administrator. In the window that appears, type the following command:

Start and command prompt AMD performance boost

net.exe user administrator /active:yes

Once the command is complete, go to Start, click the Power button and opt for “Sign out”. This will throw you to the login menu, where you will see the “un-hidden” super-administrator account in the lower left corner. As Windows counts that account as new, it will show you the “Hello, wait a bit” screen for several minutes. The system is just setting up the applications and the account. After that, use the system as you normally would.

New administrator account

This method is confirmed to increase performance by 8-10% on Zen 4 and Zen 5 parts. However, the bug is specific to Windows 11, so Windows 10 users, who are still the majority of OS users, won’t see any difference. At the same time, AMD claims Microsoft acknowledged the issue and should release the fix in the near future.

Possible Security Risks

Gaining a 10% FPS boost with no hardware upgrades may sound like a miracle, though it is not free of issues. Super-administrator privileges mean that any process and application will run instantly, without explicit confirmation. And that is a major security risk: a lot of malware still gets caught when the UAC window pops up. In the super-admin mode, there would be no such windows, so the outcome of that mod downloaded from a sketchy site will come unexpectedly.
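To see how exposed a machine is after the command above, the following added example (not part of the original post, and not AMD's or Microsoft's code) reports whether the built-in Administrator is active and whether UAC prompts apply to it, and offers a way to switch the account off again. The function names are hypothetical; the registry values EnableLUA and FilterAdministratorToken are the standard UAC policy values.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell prompt.

function Get-BuiltinAdminState {
    # The built-in Administrator is identified by a SID ending in -500,
    # so this also works when the account was renamed or Windows is localized.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' }
    if (-not $admin) { throw 'Built-in Administrator account not found.' }

    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $uac = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # EnableLUA = 1: UAC is switched on for the machine.
    # FilterAdministratorToken = 1: UAC prompts also apply to the built-in
    # Administrator; 0 or missing means that account is never prompted.
    $uacOn          = ($uac.EnableLUA -eq 1)
    $builtinPrompts = $uacOn -and ($uac.FilterAdministratorToken -eq 1)

    [pscustomobject]@{
        Account           = $admin.Name
        Enabled           = $admin.Enabled
        LastLogon         = $admin.LastLogon
        PasswordLastSet   = $admin.PasswordLastSet   # empty when no password was ever set
        UacEnabled        = $uacOn
        PromptsForBuiltin = $builtinPrompts
        Exposed           = $admin.Enabled -and -not $builtinPrompts
    }
}

function Disable-BuiltinAdmin {
    # Equivalent of "net.exe user administrator /active:no", but keyed on the SID.
    # Sign in with your regular account first; do not run this while logged on
    # as the built-in Administrator itself.
    Get-LocalUser |
        Where-Object { $_.SID.Value -match '^S-1-5-21-.+-500$' } |
        Disable-LocalUser
}

$state = Get-BuiltinAdminState
$state | Format-List

if ($state.Exposed) {
    Write-Warning ("The built-in Administrator '{0}' is active and runs programs " +
                   "without a UAC prompt. Call Disable-BuiltinAdmin when the " +
                   "extra performance is no longer needed.") -f $state.Account
}
if ($state.Enabled -and -not $state.PasswordLastSet) {
    Write-Warning 'The active built-in Administrator has no recorded password change; set a password.'
}
```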

To secure the system against malicious programs and keep enjoying games at peak FPS, consider using GridinSoft Anti-Malware. It never tries to scan the system while the game is going; there are no bundled programs that will take up the precious disk space. And its detection rates are impressive, too, thanks to the multi-component detection system that can protect from both malware and malicious websites.

How to Disable Windows Defender? Windows 10 & 11 Guide
https://gridinsoft.com/blogs/how-to-disable-windows-defender/
Thu, 08 Aug 2024 13:52:28 +0000

Disabling Microsoft Defender is something Windows users all around the world often think about. Despite undoubtedly being a solid antivirus tool, it may cause issues here and there, prompting such a wish. In this guide, I’ll explain how to fully disable Microsoft Defender.

How to Disable Microsoft Defender in Windows 10/Windows 11

There are two ways to disable Microsoft Defender: one is temporary, and the other is permanent. We’ll skip the temporary method since you’re probably here for the latter. Since the Microsoft Defender versions in Windows 10 and 11 are almost identical, this guide is applicable to both. A crucial note – these actions are only possible if you’re using an administrator account.

One more warning: I don’t recommend disabling Microsoft Defender, as this will leave your system unprotected and could have negative consequences. If you have reliable anti-malware software, like GridinSoft Anti-Malware, already running in the system, then it is fine. Otherwise, you expose your system to a significant malware risk.

Let’s begin. The first thing you need to do is disable Tamper Protection – a self-protection feature of Defender that prevents it from being disabled or tampered with externally. To do this, open Windows Security, click on Virus & Threat Protection → Manage settings.

Disable Defender step 1

Scroll down to Tamper Protection and turn it off. This will allow you to proceed with the next steps.

Tampering protection off

Next, open the Group Policy Editor. To do this, press the “Win + R” keys on your keyboard, and in the Run dialog that appears, type or paste “gpedit.msc” and press Enter.

gpedit window

In the window that opens, navigate to the following path:

Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus.

GPEdit Defender

Find the policy named “Turn Off Microsoft Defender Antivirus,” double-click it, select “Enabled,” and then click Apply and OK to apply the changes.

Disable Windows Defender GPEdit

Disabling Microsoft Defender with Regedit

For some users, such as those with the Windows 11 Home edition, the previously mentioned method won’t work because these versions don’t have access to the Group Policy Editor. In this case, you can use the Registry Editor. To do this, press the “Win + R” keys again and type “regedit”.

Disable Windows Defender regedit

In the Registry Editor window, navigate to the following path:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

In this folder, right-click on an empty space, create a new DWORD (32-bit) value, and name it “DisableAntiSpyware”.

Double-click on it to open it, set the Value data to “1”, and make sure the Base is set to “Hexadecimal”. Then click “OK.” Restart your PC to apply the changes, and this should disable Microsoft Defender.

DisableAntiSpyware registry entry

Disabling Microsoft Defender with Command Prompt

If you encounter any difficulties with the last method, you can also disable it using the Command Prompt. To do this, open the Start menu or search bar and begin typing “cmd”. When the Command Prompt appears, click “Run as Administrator.”

CMD run as admin

Copy the command below, paste it into the Command Prompt window, and press “Enter,” as shown in the screenshot below:

reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f

Disable Windows Defender cmd command

That command essentially performs the actions from the previous method. After making that change, reboot the computer for it to take effect.
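After the reboot it is worth confirming what state the machine is really in, and the same check reveals a Defender that was switched off without the owner's knowledge. The PowerShell below is an added example, not Gridinsoft code: it reads the DisableAntiSpyware policy value, asks Defender for its own status and lists other antivirus products registered with Windows Security Center. The function name Get-DefenderState is hypothetical.

```powershell
# Added example, not Gridinsoft code. Read-only; run in an elevated PowerShell prompt.
function Get-DefenderState {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. The policy value described in the guide. The second key is checked in
    #    case a value was written under a differently named key by mistake.
    $policyKeys = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender',
        'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Defender'
    )
    foreach ($key in $policyKeys) {
        $item = Get-ItemProperty -Path $key -Name DisableAntiSpyware -ErrorAction SilentlyContinue
        if ($item) {
            $findings.Add("DisableAntiSpyware = $($item.DisableAntiSpyware) under $key")
        }
    }

    # 2. What Defender itself reports, independent of the registry.
    $status = $null
    try {
        $status = Get-MpComputerStatus -ErrorAction Stop
    } catch {
        $findings.Add("Get-MpComputerStatus failed: $($_.Exception.Message)")
    }
    if ($status) {
        if (-not $status.AntivirusEnabled)          { $findings.Add('Defender antivirus engine is disabled') }
        if (-not $status.RealTimeProtectionEnabled) { $findings.Add('Real-time protection is off') }
        if (-not $status.IsTamperProtected)         { $findings.Add('Tamper Protection is off') }
    }

    # 3. Other antivirus products registered with Security Center
    #    (this namespace exists on client editions of Windows only).
    $products = @(Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct `
                      -ErrorAction SilentlyContinue | ForEach-Object { $_.displayName })
    $thirdParty = @($products | Where-Object { $_ -notmatch 'Defender' })

    $realTimeOn = [bool]($status -and $status.RealTimeProtectionEnabled)
    if (-not $realTimeOn -and $thirdParty.Count -eq 0) {
        $findings.Add('No Defender real-time protection and no other antivirus registered')
    }

    [pscustomobject]@{
        RealTimeProtection = $realTimeOn
        TamperProtection   = [bool]($status -and $status.IsTamperProtected)
        SignaturesUpdated  = if ($status) { $status.AntivirusSignatureLastUpdated } else { $null }
        OtherAntivirus     = $thirdParty -join ', '
        Findings           = $findings
    }
}

$state = Get-DefenderState
$state | Select-Object RealTimeProtection, TamperProtection, SignaturesUpdated, OtherAntivirus | Format-List
$state.Findings
```

A DisableAntiSpyware value or a disabled Tamper Protection setting that nobody remembers changing should be treated as a sign of tampering and investigated.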

Should You Disable Defender?

As I mentioned earlier, I don’t recommend disabling Microsoft Defender without a serious reason. The Windows system requires security solutions, and Microsoft addressed this by adding a built-in solution that meets the needs of most home users. This solution has undergone significant evolution and now offers a sufficient level of protection, including features like Zero Trust, sandboxing, and quite high effectiveness.

However, despite all the advantages, there’s another side to the story. All these features consume a significant amount of resources. While this may go unnoticed on modern, powerful machines, users with less powerful devices might experience some difficulties when using the system. This is particularly true for machines that use an HDD instead of an SSD. During background scanning, Microsoft Defender can noticeably strain the hard drive.

In any case, if you plan to disable Microsoft Defender completely, I don’t recommend leaving your system unprotected. Furthermore, I would suggest considering alternative solutions, such as GridinSoft Anti-Malware. It offers advanced functionality, including key components like proactive protection and an Internet Security module.

How to Remove a Virus From a Computer in Safe Mode
https://gridinsoft.com/blogs/remove-viruses-safe-mode/
Mon, 15 Jul 2024 14:36:17 +0000

In quite a few cases, you can see advice on using Safe Mode for malware removal. While generally good advice, this practice requires quite a bit of skill and knowledge of where to look for malicious files. And in a number of cases, the manual approach is counterproductive due to the complexity of the operation. But let me show you a step-by-step guide on how to remove malware in Safe Mode that should work against the vast majority of malicious programs.

Is Safe Mode Good for Malware Removal?

Despite being quite useful for malware removal operations, Safe Mode was not meant for this kind of activity. Its main purpose is troubleshooting: in this mode, Windows starts without quite a few modules, startup programs and things planned in Task Scheduler. This, however, is exactly what prevents malicious programs from executing, since the majority of them rely on either startup or the Scheduler.

Why would one need all this during malware removal? While active, viruses may block executable files from running, or overload the system making any operations impossible to accomplish. The latter is characteristic of coin miners and, in some cases, proxyware. This makes installing antivirus and anti-malware programs nearly impossible, and Safe Mode allows omitting these problems altogether.

How To Run Windows in Safe Mode

There are several ways to enter Safe Mode, which vary depending on certain factors. One thing I recommend sticking to is Safe Mode with Networking, as it allows connecting to the Internet. If you are using Windows without a password on your user account, it will be much easier to get into Safe Mode. For Windows 10/11 without a user account password, you can follow these steps:

Method 1. Using the Restart Option

Click “Start”, click “Power”, and then click “Restart” while holding the Shift key.

Press Shift + restart to open Windows Recovery menu

In the menu that appears, select “Troubleshoot” → “Advanced options” → “Startup Settings” → “Restart”.

Advanced options on the recovery menu

Then choose the Safe Mode with Networking and press the corresponding key (usually F4 or F5, depending on Windows version).

Startup settings

Method 2. Using Settings

Click “Start” and open “Settings”. In the left menu, click “System”, then scroll down and click “Recovery”.

System settings screenshot

Under “Recovery options”, select “Advanced startup” and click “Restart now”. Then follow steps 2 and 3 from the first method.

Advanced startup menu screenshot

Method 3. Interrupting Normal Boot

Another way to get into Safe Mode is to interrupt the normal boot process three times in a row. In case of three consecutive unsuccessful boots, the OS will automatically enter the Windows Recovery Environment (WinRE), which is useful if you are unable to start Windows for some reason. After this, follow steps 2 and 3 from the first method.

Windows with a User Account Password

If your device is protected by a user account password, you will not be able to use the previous methods. This is related to Windows security and BitLocker, which encrypts all disks. The only way to enter Safe Mode in this case is through System Configuration. Follow these steps:

Press the Win key + R, and in the window that opens, type “msconfig”.

Run menu screenshot

In the System Configuration window, go to the “Boot” tab. Under Boot options, check the “Safe boot” checkbox.

System configuration screenshot

Click “Apply”, then click “Restart”. Now your system will default to booting in Safe Mode until you perform the first two steps again and uncheck the “Safe boot” checkbox.

How to Remove Malware and Viruses in Safe Mode?

If you’ve decided to remove malware from your device with the use of Safe Mode, you may need to know where to look for malware. There are several locations as well as visual signs that may help you with locating the threat. However, I still recommend combining this mode with an anti-malware scan, which I will show later.

Typically, the majority of malware follows certain patterns in where it stores its files. Knowing even a few key locations can help detect the threat in just a few clicks. Malware often uses temporary or hard-to-reach system folders, such as AppData\Roaming\Temp, the root directory of AppData\Roaming, and AppData\Local. By default, these folders are hidden from the user, so you need to enable the display of hidden files in the File Explorer settings to access them.

In addition to the location, it is important to pay attention to files with strange or unfamiliar names. Malware usually uses random combinations of letters or numbers to make them look like some generic log files. Another thing to check is the digital signature certificates of the files, especially if there’s a suspicious-looking file that has a valid name. If the certificate issuance date indicates the future, or the issuer is an unrelated company, it is most definitely malware.
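The manual checks from the two paragraphs above can be scripted. The following PowerShell is an added example, not Gridinsoft code: it walks the three folders named in the text and lists executable files that are unsigned, carry a broken signature, have a certificate dated in the future, or have a random-looking name. The name pattern and the function names are assumptions made for this example, and a hit is a reason to look closer, not proof of malware.

```powershell
# Added example, not Gridinsoft code. Read-only: it lists files and deletes nothing.
$roots = @(
    (Join-Path $env:APPDATA 'Temp'),    # AppData\Roaming\Temp
    $env:APPDATA,                       # AppData\Roaming
    $env:LOCALAPPDATA                   # AppData\Local
)
$executableTypes = '.exe', '.dll', '.scr'

function Get-FileFlags {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)

    $flags = @()
    $sig   = Get-AuthenticodeSignature -LiteralPath $File.FullName
    $cert  = $sig.SignerCertificate

    if ($sig.Status -eq 'NotSigned') {
        $flags += 'Unsigned'
    } elseif ($sig.Status -ne 'Valid') {
        $flags += "BadSignature($($sig.Status))"
    }
    # "Certificate issuance date indicates the future"
    if ($cert -and $cert.NotBefore -gt (Get-Date)) {
        $flags += 'CertDatedInFuture'
    }
    # Heuristic (assumption): 8+ letters/digits with at least one digit and
    # nothing else looks machine-generated rather than chosen by a vendor.
    if ($File.BaseName -match '^(?=.*\d)[a-z0-9]{8,}$') {
        $flags += 'RandomLookingName'
    }

    [pscustomobject]@{
        Flags         = $flags -join ', '
        LastWriteTime = $File.LastWriteTime
        Path          = $File.FullName
        Signer        = if ($cert) { $cert.Subject } else { $null }
        Issuer        = if ($cert) { $cert.Issuer }  else { $null }   # compare with the claimed vendor
    }
}

function Find-SuspectFiles {
    param(
        [string[]]$Path = $roots,
        [int]$Depth = 1          # keep shallow: these trees are large
    )
    $Path |
        Where-Object { $_ -and (Test-Path -LiteralPath $_) } |
        ForEach-Object {
            # -Force includes hidden files, which Explorer does not show by default.
            Get-ChildItem -LiteralPath $_ -File -Force -Recurse -Depth $Depth -ErrorAction SilentlyContinue
        } |
        Where-Object { $executableTypes -contains $_.Extension } |
        Sort-Object -Property FullName -Unique |
        ForEach-Object { Get-FileFlags -File $_ } |
        Where-Object { $_.Flags } |
        Sort-Object -Property LastWriteTime -Descending
}

Find-SuspectFiles | Format-List
```

Plenty of legitimate updaters and uninstallers in AppData are unsigned, so read the Signer and Issuer columns and the file dates before acting on any entry.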

However, detecting and removing malware manually is not only an extremely labor-intensive process but also not always effective. Malicious programs often create copies of themselves in the system and regenerate from them after deletion. This is why using specialized tools that automatically and reliably detect and remove malware is the best solution. As mentioned earlier, Safe Mode disables most Windows services, including Microsoft Defender. It cannot be enabled until you boot the computer in standard Windows mode.

To remove malware in this mode, you need to install third-party solutions. This is why network access is necessary after entering Safe Mode—the malware might block the installation. GridinSoft Anti-Malware is an excellent solution for removing malware in Safe Mode. The detection databases of this antivirus are updated hourly; additionally, it offers a Proactive Protection feature, which protects the system in the background after a normal system boot. Combined with the overall ease of use of the program, it becomes a great option for any system.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

Windows Cannot Access The Specified Device, Path or File Error Fix Guide
https://gridinsoft.com/blogs/windows-cannot-access-the-specified-device-path-or-file-error/
Thu, 04 Jul 2024 23:02:21 +0000

Windows Cannot Access The Specified Device, Path or File is a system error that users may encounter while trying to run a program or open a folder. The error obviously flags an issue that the system has encountered while following the command, which may happen for a selection of reasons. Here, I will explain all the potential sources of that error and ways to fix it.

Windows Cannot Access Error Overview

There are quite a few reasons for this issue to appear, and, as its name implies, the reason for this is the system facing troubles with accessing what you ordered it to access. Most commonly, it follows the attempt to run a program, open a certain directory or an attached drive. The deeper reason for all this is the malfunction of certain system settings, account permissions, or sometimes hardware. In rare cases, it is a rather intended behavior of the system, particularly when the security system interrupts the normal operations.

Windows cannot access the specified device error
Typical example of the “Windows cannot access the specified device, path or file” error

Fixing steps for the issue will therefore differ quite a lot, and the user may need to go through multiple solutions to find what exactly is wrong. Unfortunately, it is pretty hard to say what exactly caused the issue, if we are not talking about digging through event logs and similar complicated stuff. Below, you will find the comprehensive list of solutions that target pretty much any possible source of the Windows Cannot Access issue.

Several specific cases of this error appear to refer to some of the popular online games, namely Valorant and League of Legends. Users complained about the issue preventing the game from running, despite the game launcher working fine.

Windows Cannot Access The Specified Device, Path or File: Ways to Fix

We begin with the least complicated fix options, as it is hard to get hold of realistic stats about which fix is the most effective. One should thoroughly follow the guide, as skipping steps can stop the solution from working.

Wait for an Update

In the actual case of Windows Cannot Access that I’ve just described, the only working remedy was just to sit and wait for the fix to appear. It may happen to pretty much any game, even the largest titles, and the developers will likely fix the problem in just a few hours. To be a good citizen, you can also report the issue on the game/app forum, unless it is already reported.

Run App as Administrator

Yes, this obvious step may sometimes help with solving the Windows Cannot Access problem. Either the user can lack access permissions for a specific directory the file is located in, or the program tries to access one, having only user privileges. It is a particularly common case when the program works with system files, ones from the C:\Windows folder.

Run app as administrator

Reinstall the Program

Among the most efficient advice for solving the Windows Cannot Access issue that happens to a specific program is to simply reinstall it. If the files were corrupted, any attempt to run the program will lead to the system stumbling on these bad files and showing the said pop-up notification.

Important! Do not try downloading any “fixes” for these bad files. Locating the problematic file may be tedious, and trying to source it from third party sites instead of the program installer is just yet another source of problems.

Create a New Shortcut

A particularly common case for this error to happen is when the user tries to run a program through a shortcut, but the executable file’s address has changed. Thus, the shortcut tries to run a non-existent file, causing errors. And to make it work properly, one should create this shortcut from scratch.

Open the folder of a program (or a file) you are trying to open. There, find the executable file (.exe extension) or the file you need, click it with the right mouse button, and find “Create shortcut”. For Windows 11, you may need to click the “Show more options” button to show the extended menu with this function.

Create shortcut menu

Check for Correct Software Location

Similarly to the shortcut issue, you may have placed the software or a file you are trying to run on an attachable drive. All the shortcuts in this case will be functioning until you unplug the drive. If you have attachable drives, consider plugging them into the system and trying again. This is especially probable if you were installing certain software from that drive: programs often default to their installer directory.

Stop Third-Party Security Software

Among the other reasons for Windows having troubles accessing certain folders and files may be the interference from third-party software. In particular, antivirus programs are capable of disrupting access to certain folders – both when they are performing the scan or when the folder is considered malicious. Removing this block is possible only through stopping the antivirus from running.

Find it among the programs in the system tray, click the icon with the right mouse button, and choose “Exit” (or a similar option). This should stop the antivirus from running, at least until the next system reboot.

Stop antivirus program

Disable PUA Protection

One more problem that stems from antivirus software, particularly from Microsoft Defender, is the app being blocked with the PUA protection feature. As the name suggests, it aims at preventing unwanted apps from running. Thing is – MS Defender is not ideal and may have false positives, leading to a genuine app being blocked.

To solve this, you can either create an MS Defender exclusion or disable the corresponding option in the Settings. The first one is recommended, as disabling the entire protection block for running a single app is a bit of an overkill. Open Windows Security, go to Virus and Threat Protection and click “Manage Settings”.

Add exclusions Windows Cannot Access

Here, scroll all the way down to find Exclusions, and click Add or Remove Exclusions button to continue. The menu that follows is rather simple to use: just click the button and paste the location of the file that you cannot open correctly.

Upgrade File Permissions

In certain cases, it is not user permissions that do not allow the program to reach specific locations, but the lack of permissions of the program itself. This may happen particularly often in systems that have multiple users. Fortunately, to solve this, you don’t need to make any significant changes – just give the file additional permissions. Click the file that caused the Windows Cannot Access issue with the right mouse button, go to Properties → Security, and click on the account you are currently using. Now, deselect all the checkboxes from the column titled “Deny” (to the right).

Upgrade file permissions

This should disable any restriction that may stop the system from accessing the files and showing the error notification.

Enable Admin Permissions in Gpedit

In a selection of cases, the reason for the Windows Cannot Access error is the lack of user privileges. While this may be solved locally, for specific apps, as I’ve just shown above, the best option is to grant max permissions for all the user actions. To do this, you would need to go through the Group Policies Editor.

Important: Group Policies Editor is available ONLY in Windows 10/11 Pro and Enterprise editions. Home, Educational and other editions have the Editor blocked, making this part of the guide impossible to accomplish.

Press Win+R and type “gpedit.msc” – this will open the Group Policy Editor. Here, go to Local Computer Policy → Computer Configuration.

Group Policies user permissions to admin

In this menu, find the Admin Approval Mode for Built-In Administrator. This policy is what allows us to skip the additional approvals and execute all the programs with admin permissions even for regular users. Set its value to Enabled, then press Apply and Ok. Reboot for the changes to take effect, and try running the file again.

Group Policies user permissions to admin

Check for Source Disk Integrity

One particular reason for the file corruption described in one of the paragraphs is disk issues. Despite how reliable modern disks are, there is still a possibility of a disk having a bad sector or cell. This step is less about fixing the existing issue than about detecting its source and preventing it in the future.

Victoria HDD
The interface of a disk check-up utility. Green and orange tiles in the image indicate disk damage.

Pick a disk check tool of your choice and scan all of your drives. I particularly recommend a free Victoria HDD tool – a renowned software of this kind. Presence of sectors with significant access delay, or even outright bad sectors is what you may blame for the Windows Cannot Access issue. Most of the disk scanning software also offers to fix the issue by remapping the drive, so you will be able to fix all the issues without going for a lot of software. This, however, is far from being the only possible source of the problem.

Reinstall Windows

There are cases when the Windows Cannot Access error is an outcome of some severe system malfunctions. You can understand that this is the case when, aside from this error, you see your system going completely crazy: missing menus, reboots, random BSODs and overall bad system performance. In that case, all the aforementioned methods are unlikely to work, simply because the problem is deeper than file locations or misconfigurations. And the only and the best remedy here is to perform a clean system installation.

You can opt for the reinstallation way you like: clean install from a thumb drive, using restore point or a backup, or else. I will only warn you against downloading system images from third-party sites, due to the risk of new problems or even malware.

Can the Windows Cannot Access Error be a Virus Sign?

Yes, this error may be caused by malware activity. Quite a few samples of malicious software tamper with system and software settings to suit their own needs. In particular, such activity is characteristic of spyware, backdoors, dropper malware and sometimes ransomware. Most of them are rather hard to notice without specialized software, so I recommend scanning the system with GridinSoft Anti-Malware.

Windows Cannot Access The Specified Device, Path or File Error Fix Guide

Please note that malware removal does not always fix the issue. Settings that have changed will remain the same, and one may need to go through the steps from above to get the system functioning correctly.

Sihost.exe
https://gridinsoft.com/blogs/what-is-sihost-exe/
Thu, 20 Jun 2024 20:14:43 +0000

Sihost.exe is a crucial background process for Windows 11/10 that governs essential features like the context menu and action center. However, it can sometimes malfunction and disrupt system stability. In this article, we unravel the essence of Sihost.exe and equip you to eliminate troubles within your system.

Sihost.exe – What is It?

Windows has many background processes, each of which is responsible for something. The Sihost.exe process (Shell Infrastructure Host file) is a critical executable file that runs various parts of the system shell. It is involved in the following: the Start menu, launching the context menu, action center, Cortana, File Explorer, etc.

It is essential to understand that Sihost.exe is not a virus. It is a legitimate system process, which you should not stop or delete due to its importance to the system’s stability. However, its name can nonetheless be used by malware to get a better disguise in the system. You can observe this file in Task Manager in the list of Windows processes. To do this, launch Task Manager, go to the “Processes” tab, sort them by name, and scroll down to the “Windows processes” section. Then scroll down some more, and you will see “Shell Infrastructure Host”. In a normal state, this process does not load the system in any way and uses about 6 MB of RAM and negligible amounts of CPU.

Sihost.exe
Sihost.exe in Task Manager

Is Sihost Malware?

As I wrote above, malware sometimes masquerades as a legitimate Windows process, using the name of Sihost.exe in particular situations. However, even a legitimate file may consume more resources in some specific cases.

Checking Sihost.exe Location & Properties

To ensure the process is legitimate, let’s review the sihost.exe instance. First, check its properties through the Task Manager. For this, click with the right mouse button and opt for “Properties.”

Sihost.exe Properties

There, click on the “Details” tab and ensure it says Microsoft Corporation before copyright.

Microsoft Corporation before copyright in Sihost.exe properties

The next step is to look at the sihost.exe location. Close the previous file properties window, right-click on the process, and select “Open File Location.”

File location in task manager

By default, the file is located at C:\Windows\System32\. If the file location differs, there is a chance that the name of Sihost is used by malware. We recommend scanning your computer with GridinSoft Anti-Malware.

Sihost.exe in System32 folder

Fix Sihost.exe High CPU Usage

Suppose your file is legitimate after running the tests but consumes an abnormally high amount of resources. In that case, you can perform the following steps:

Reboot your PC. This is an obvious and trivial tip, but it solves a lot of problems. If the problem hasn’t gone away after rebooting or reappears after a while, move on to the next step.

Run the System File Checker tool (SFC.exe). Some user or software actions can adversely affect system files. Restoring important system files should solve such problems. To do this, open Start and write “cmd,” then click “Run as administrator.” Next, paste “DISM.exe /Online /Cleanup-image /Restorehealth” into the command prompt window. This action will check your system files and, if necessary, download them from the Windows Update Center.

System File Checker Tool

Reinstall Microsoft Redistributable Packages. These packages are necessary for some programs to work, but they can cause the Shell Infrastructure Host to become unstable. To do this, uninstall all installed packages, download the installation file from the Microsoft website, and reinstall it.

Uninstall Apps

Reinstall the Photos app. Previously, a memory leak bug caused the excessive resource usage of Sihost. You can follow these steps if you encounter the same problem on your computer. First, uninstall the Photos app from your device. Then, open the Microsoft Store and download the app again. This should resolve the issue.

Uninstall Photos App

If the above steps do not solve the situation, I recommend running a malware scan on your system. To do this, download Gridinsoft Anti-Malware and run the scan.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished

SearchHost.exe – Is SearchHost a virus?
https://gridinsoft.com/blogs/searchhost-high-memory-cpu-gpu/
Wed, 19 Jun 2024 10:47:05 +0000

SearchHost is a process responsible for indexing the Start menu and Explorer search files in Windows 10/11. It allows you to conveniently search for files on your computer by indexing their contents. However, this process can be spoofed by a coin miner or malware that uses its name to masquerade on your system. How to know if this process is a virus? And what should I do in the case of searchhost.exe high memory and GPU usage? Here is our detailed guide.

What is SearchHost.exe?

SearchHost.exe is a process that is part of the Windows Search Indexer service. This service starts automatically at system startup and runs in the background. It scans the files on your computer and creates an index that speeds up searching for files through the Start menu and Explorer. You can customize the indexing settings by choosing which folders and file types to include or exclude from the index. It is also possible to pause or resume indexing at any time.

Typically, SearchHost.exe is located in the C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy folder. This is the default location for this process, and if you find it in a different folder, it could be a sign of a virus. SearchHost.exe is not essential to the operation of the system, but it is useful for the convenience of finding files. If you don’t use search often, you can disable the Windows Search Indexer service to save system resources.
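
The location and publisher checks described above for Sihost.exe and SearchHost.exe can also be done from PowerShell for every running instance at once. This is an added example, not code from the original articles; the function name Test-SystemProcessImage is an assumption, and the expected paths are the ones the text gives.

```powershell
# Expected image locations, taken from the text above.
$ExpectedImage = @{
    'sihost.exe'     = Join-Path $env:windir 'System32\sihost.exe'
    'SearchHost.exe' = Join-Path $env:windir 'SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe'
}

# Hypothetical helper (the name is an assumption): one result row per running instance.
function Test-SystemProcessImage {
    param([Parameter(Mandatory)][hashtable]$Expected)

    # Builds a WQL filter such as: Name = 'sihost.exe' OR Name = 'SearchHost.exe'
    $filter = ($Expected.Keys | ForEach-Object { "Name = '$_'" }) -join ' OR '

    foreach ($proc in Get-CimInstance -ClassName Win32_Process -Filter $filter) {
        $row = [ordered]@{
            Name      = $proc.Name
            ProcessId = $proc.ProcessId
            Path      = $proc.ExecutablePath
            PathOk    = $false
            Company   = $null
            SigStatus = 'n/a'
            Signer    = $null
            Verdict   = $null
        }

        if (-not $proc.ExecutablePath) {
            # The image path can be hidden from a non-elevated session.
            $row.Verdict = 'Unknown: path not readable, re-run from an elevated prompt'
        } else {
            $row.PathOk = $proc.ExecutablePath -ieq $Expected[$proc.Name]

            # Same field the Details tab of the Properties window shows; it is easy to forge.
            $row.Company = (Get-Item -LiteralPath $proc.ExecutablePath).VersionInfo.CompanyName

            # The signature is the stronger check and also covers catalog-signed system files.
            $sig = Get-AuthenticodeSignature -LiteralPath $proc.ExecutablePath
            $row.SigStatus = $sig.Status
            if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }

            $signedByMicrosoft = ($sig.Status -eq 'Valid') -and
                                 ($row.Signer -match 'O=Microsoft Corporation')

            if ($row.PathOk -and $signedByMicrosoft) {
                $row.Verdict = 'Matches expected location and signer'
            } elseif (-not $row.PathOk) {
                $row.Verdict = 'Investigate: unexpected location'
            } else {
                $row.Verdict = 'Investigate: signature not valid or not Microsoft'
            }
        }
        [pscustomobject]$row
    }
}

Test-SystemProcessImage -Expected $ExpectedImage | Format-List
```

A row with an unexpected location or a non-Microsoft signer is the case the articles describe as a reason to scan the system; a row that matches on both counts points to a resource problem rather than a masquerading file.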

High CPU/GPU and memory usage – Why does this happen?

SearchHost is responsible for indexing the Start Menu and Explorer search files in Windows. Typically, this process does not require a lot of computation power, but there are certain situations here when things are different.

SearchHost High CPU Consumption

During the initial indexing process, Searchhost.exe may create quite a load on your CPU, especially on weaker systems. If it is uncomfortable to use the system, you can do the following:

  1. Wait for indexing to finish. You can see the indexing progress in the Search and indexing settings. This can take from a few minutes to a few hours, depending on the number and size of files on your computer.
    SearchHost.exe indexing progress
    Indexing settings
  2. Pause the indexing process. You can pause indexing for 15 minutes, 1 hour, or until your computer restarts. To do this, right-click on the search icon in the taskbar and select Suspend Indexing.
    Pause the SearchHost indexing process
  3. Customize indexing options. You can choose which folders and types of files to include or exclude from the index. To do this, open the search and indexing settings and click “Advanced”. You can also change the indexing schedule so that it happens at a time that is convenient for you. This way, you may reduce the time required to finish the indexing or decrease the load it creates.
    Advanced Options
  4. Disable the Windows Search Indexer service. You can turn off the Windows Search Indexer service if you don’t use search often or don’t need to index files:
    • Open the Services Manager, find the Windows Search service, right-click on it, and select Stop.
      Windows Search Service
      Services Manager
    • Then right-click on it again and select “Properties”.
      Services Manager
    • In the “Startup Type” field, select “Disabled” and click “OK”.
      Stop the service
  5. In case you cannot manually disable this service, you can prevent SearchApp.exe from running by following the instructions below:
    • Type cmd in the search box and click Run as administrator to open elevated Command Prompt.
      cmd in the search box
    • In the Command Prompt window, type the command below and press Enter to execute it. This will switch the Command Prompt to the SystemApps folder on your computer.
      cd %windir%\SystemApps\
      Command
    • Then, execute the following command to terminate the process.
      taskkill /f /im SearchApp.exe
      Command two
    • Finally, execute this last command:
      move Microsoft.Windows.Search_cw5n1h2txyewy Microsoft.Windows.Search_cw5n1h2txyewy.old
      Command three

SearchHost High GPU Consumption

The SearchHost.exe process may actively load your discrete video card to index new files and features. This is particularly common in Windows 10 past the 2004 update. The system uses the GPU to perform the same indexing operations, though this is not always desirable for the user. You can disable the service in the same way as in the case with high CPU load – see the instruction above.

Additionally, to completely remove Cortana, run this command in an Administrator-level PowerShell:
Get-AppxPackage -AllUsers Microsoft.549981C3F5F10 | Remove-AppxPackage

Power Shell Command

SearchHost High Memory Consumption

If SearchHost.exe is taking up a lot of memory, you can do the following:

Indexer Troubleshooting

Run Search and Indexer Troubleshooting. It can fix some errors and problems related to the operation of the Windows Search Indexer service.

  1. Open the Search and Indexer settings and click on “Troubleshoot search and indexing”.
    SearchHost Troubleshooting
  2. After the verification process, you will be prompted to restart your computer if required.
    Search the problem of SearchHost
  3. Run the SFC command. This can check and repair corrupted system files that may be affecting the Windows Search Indexer service.
  4. Open a Command Prompt as administrator and type: sfc /scannow
    Command CMD
  5. Wait for the scan to finish and restart your computer.

Defragment the disk

This will improve speed and performance of your computer. Disk defragmentation merges fragmented files that take up more space and slow down access to them.

  1. Open Explorer.
  2. Right-click on the disk you want to defragment and select “Properties”.
    Windows Explorer
  3. Choose the “Tools” tab and click on “Optimize”.
    Defragment the disk for fix SearchHost crashes

Check your computer for malware

If you find any inconsistencies, do not rush to delete the file, as it may lead to undesirable consequences. First, check it for viruses. Consider performing a full system scan with quality antivirus software like Gridinsoft Anti-Malware and remove all detected threats. You can also check the process file for viruses using an online service such as Online Virus Scanner.

WinRing0x64.sys
https://gridinsoft.com/blogs/winring0x64-sys-process/
Wed, 19 Jun 2024 09:33:42 +0000

WinRing0x64.sys is a low-level driver that is used by specific applications. The file itself is not malicious, but malware can abuse this driver. Next, we will find out who uses WinRing0x64.sys and why, and answer the question of whether it can be removed.

WinRing0x64 Overview

WinRing0x64.sys is a crucial software component that allows applications to gain low-level access to hardware components for system monitoring or overclocking purposes. It bypasses high-level interfaces provided by the operating system to interact directly with the hardware. This makes it essential for applications that require this type of access. Most often, this driver is used by software that controls RGB backlighting. As a result, the process will appear in Task Manager.

Legit file properties screenshot
Legit file properties

It is essential to understand that WinRing0x64.sys is not malicious. Although it is generally safe and helpful for specific applications, it can pose potential risks if misused. For example, the ability for direct hardware access is exceptionally beneficial to malicious miners. As it allows access at such a low level, malicious software could exploit it to gain control over hardware components. And since it is a valid Windows driver, such a trick makes the malware more complicated to detect.

WinRing0x64.sys – What Software Uses It?

As I said above, WinRing0x64.sys is most often used by software for backlight control and hardware overclocking. Noriyuki MIYAZAKI, MasterPlus, EVGA Precision, and Intel Processor Diagnostic Tool are the most common programs. Since the algorithm of driver usage is similar to malware, some antivirus solutions erroneously block this driver like a Usermode Font Driver Host.

This driver is not mandatory for Windows, so it can be removed. In practice, however, it is deactivated by uninstalling the software that uses the driver. Depending on the software, it may be located in a subfolder of “C:\” or sometimes in a subfolder of the user’s profile folder or the folder with the installed program. Although the driver does not have its own window, it may appear in the running processes in Task Manager.

Is WinRing0x64.sys Malware?

Although WinRing0x64.sys is a legitimate driver, it is sometimes detected as a trojan. For example, some users complained about blocking winring0x64.sys by antivirus after installing EVGA Precision Overclocking software for graphics adapters. To understand whether a file is malicious or not, you need to compare some factors, such as how many resources the process consumes, whether any software needs this driver, etc.

Suspicious process in the task manager screenshot
Suspicious process in the task manager

Suppose you downloaded video card software from an official website, which is detected as a trojan. This is most likely a false positive. On the other hand, if you have a laptop with Intel HD graphics but there is WinRing0x64.sys in Task Manager, it is a reason to dig deeper. Although WinRing cannot load the system to 100%, it can allow other processes to do this. So, if a suspicious process on your system consumes an abnormal amount of resources and you see WinRing0x64.sys among running processes, this is a red flag. In such a case, I recommend running a full scan with Gridinsoft Anti-Malware.
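
To judge whether any installed software actually needs the driver, it helps to see which folder a loaded WinRing0 driver comes from and who signed it. This is an added example, not from the original article; the function name Get-WinRing0Driver is an assumption, and matching on the string WinRing0 follows the file name used in the text.

```powershell
# Hypothetical helper (the name is an assumption): lists kernel driver services whose
# name or image path contains "WinRing0", with the folder they load from and their signer.
function Get-WinRing0Driver {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.PathName -match 'WinRing0' -or $_.Name -match 'WinRing0' } |
        ForEach-Object {
            # Driver image paths may carry an NT-style \??\ prefix; strip it before use.
            $path   = $_.PathName -replace '^\\\?\?\\', ''
            $exists = $path -and (Test-Path -LiteralPath $path)
            $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path }

            [pscustomobject]@{
                Service   = $_.Name
                State     = $_.State        # Running / Stopped
                StartMode = $_.StartMode    # Boot, System, Auto, Manual, Disabled
                ImagePath = $path
                # The parent folder usually names the program that installed the driver.
                Folder    = if ($path) { Split-Path -Path $path -Parent }
                OnDisk    = [bool]$exists
                SigStatus = if ($sig) { $sig.Status } else { 'n/a' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            }
        }
}

$drivers = @(Get-WinRing0Driver)
if ($drivers.Count -eq 0) {
    'No driver service matching WinRing0 is registered on this system.'
} else {
    $drivers | Format-List
}
```

A driver whose folder belongs to a program you installed matches the false-positive case above; a driver in a folder you cannot tie to any installed software, or one whose file is no longer on disk, is the case that warrants the deeper look.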

Antimalware Service Executable
https://gridinsoft.com/blogs/antimalware-service-executable-high-cpu-memory-fix/
Fri, 14 Jun 2024 18:12:38 +0000

Antimalware Service Executable is a system process that belongs to Windows Defender. Usually, it does not cause any issues, and the user does not notice it. In some cases, it can consume an abnormal amount of resources. I have compiled some practical solutions to address this problem in this article.

What is Antimalware Service Executable?

The Antimalware Service Executable is a core process of Microsoft Windows Defender, the built-in antivirus software in Windows. This process, also known as MsMpEng.exe, runs in the background to provide real-time protection against malware and other security threats. However, some Internet users complain that this process consumes an excessive amount of resources at times, which causes discomfort when using the PC.

Antimalware service executable high cpu

There are several factors responsible for this. First, Defender periodically performs a full scan, analyzing every file in the system. Such a process requires a lot of resources, so some devices start to slow down. Second, like most modern anti-malware solutions, Defender uses heuristic detection to check certain elements with special attention, potentially causing temporary system slowdowns.

Although all anti-malware solutions consume a significant amount of resources during a scanning process, none of the third-party ones have an annoying habit of starting the scan sporadically. Also, due to certain bugs, it may simply hang up on a certain point of the scanning process, keeping the resource consumption high. Let me explain how to fix such a behavior.

Resolving Antimalware Service Executable High CPU Consumption

There are several ways to solve the problem of excessive resource consumption by Defender. They are not complicated, but they do require some action from the user:

Disable Scheduled Scans in Task Scheduler

The main reason for Antimalware Service Executable high CPU consumption is that Defender runs a full scan, regardless of whether the user is actively using the device or the system is idling. The solution is to set a specific time for Defender to perform a full system scan. This is something like Active Hours in the Windows Update section, which does not apply to Defender’s activity for some reason. To change the scan schedule, press Start, type “Task Scheduler”, and open it.

Antimalware Service Executable high memory

In the left pane, click Task Scheduler Library, then navigate to Library→Microsoft→Windows→Windows Defender. You will see Windows Defender Scheduled Scan, Windows Defender Cache Maintenance, Windows Defender Cleanup, and Windows Defender Verification in the middle pane as you open the Windows Defender folder. All four of these tasks need to undergo the following procedure.

Disable scheduled scans Defender

We will start with Windows Defender Scheduled Scan. Double-click on it, click the Conditions tab, and uncheck all options to clear scheduled scans.

Disable scheduled scans, enable triggers

Now, you must create a trigger to call a task at a certain time. To do this, go to the “Triggers” section and click “New…”.

Select a time that will not interfere with your activities, choose “Daily”, and set how often Defender will perform the scan (by default, it is recurring every day), then click “OK”. If you do not need the scans to happen at all, you can just keep this parameter at “Disabled”. Repeat these actions for each item.

Exclude MsMpEng.exe from Scans

One particular place where Microsoft Defender may have issues is while scanning its own files. The ultimate privileges of this program obviously conflict with themselves when it comes to scanning its files. To fix this silly issue, open Task Manager and find Antimalware Service Executable in the processes list. Right-click on it and select Open File Location in the drop-down menu.

MsMpEng.exe file location

In the opened window, you need to copy the full path of the Antimalware Service Executable. Click on the address bar with the right mouse button and press “Copy path”.

MsMpEng copy path

Now launch Windows Defender. You can use the Start Menu search bar to input Windows Defender right there and open the first found item.

Windows Defender screenshot

In the opened Windows Defender Security Center, go to “Virus & threat protection” → Virus & threat protection settings.

MS Defender set exclusions

Scroll the settings down to Exclusions and click “Add or Remove exclusions”. On the opened screen, press “Add an exclusion”, select Folder, and paste the path from your clipboard. Click Open, and Windows Defender will not scan the folder where Antimalware Service Executable is located.

Disabling the On-run Protection

This method is the quickest, but it is a temporary solution, as it disables Defender’s background protection only until the next system startup. Open Defender, click “Virus & threat protection”, and select “Manage settings”. Switch all the toggles to the “Off” position.

Defender protection settings screenshot

Completely Disable Windows Defender

I strongly advise against completely disabling Defender, as it puts your system at risk. However, if you accept all the risks, follow the instructions carefully, as changing various registry settings can lead to serious system problems.

Regedit

In the opened Registry Editor, take the following path using the navigation pane on the left side of the window: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender

DisableAntiSpyware registry entry

Right-click the right pane of the Registry Editor window and, in the dropdown menu, select: New → DWORD (32-bit) Value. Name this entry DisableAntiSpyware. Double-click the entry and set its value to 1.
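
To review, and later revert, the Defender changes these guides describe (the PUA protection setting and exclusions from the Windows Cannot Access guide, and the scheduled tasks, exclusions, real-time protection and DisableAntiSpyware value from this one), their current state can be read from an elevated PowerShell session. This is an added example, not from the original articles; the function names Get-DefenderChangeReport and Test-DefenderExclusion are assumptions.

```powershell
# Run from an elevated PowerShell session: exclusions are hidden from standard users.

# Hypothetical helper (the name is an assumption): snapshot of the settings the guides change.
function Get-DefenderChangeReport {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # The four tasks edited in Task Scheduler under Microsoft\Windows\Windows Defender.
    $tasks = Get-ScheduledTask -TaskPath '\Microsoft\Windows\Windows Defender\' |
        ForEach-Object {
            [pscustomobject]@{
                Task     = $_.TaskName
                State    = $_.State
                Triggers = ($_.Triggers | Measure-Object).Count
            }
        }

    # The DWORD created in Registry Editor; absent on an unmodified system.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $policy = Get-ItemProperty -Path $policyKey -Name DisableAntiSpyware -ErrorAction SilentlyContinue

    [pscustomobject]@{
        RealTimeProtectionEnabled = $status.RealTimeProtectionEnabled
        PUAProtection             = $pref.PUAProtection   # 0 = off, 1 = block, 2 = audit
        ExclusionPath             = @($pref.ExclusionPath | Where-Object { $_ })
        DisableAntiSpyware        = if ($policy) { $policy.DisableAntiSpyware } else { 'not set' }
        ScheduledTasks            = $tasks
    }
}

# Hypothetical helper: flags exclusions that cover far more than one file or program folder.
function Test-DefenderExclusion {
    param([string[]]$Path)

    $broad = @($env:windir, $env:USERPROFILE, $env:ProgramFiles) |
        ForEach-Object { $_.TrimEnd('\') }

    foreach ($p in $Path) {
        $full = [Environment]::ExpandEnvironmentVariables($p).TrimEnd('\')
        if ($full -match '^[A-Za-z]:$') {
            $note = 'Too broad: whole drive'
        } elseif ($broad -contains $full) {
            $note = 'Too broad: system, profile or Program Files root'
        } elseif (-not (Test-Path -Path $full)) {
            $note = 'Stale: target no longer exists'
        } else {
            $note = 'OK'
        }
        [pscustomobject]@{ Exclusion = $p; Note = $note }
    }
}

$report = Get-DefenderChangeReport
$report | Format-List RealTimeProtectionEnabled, PUAProtection, DisableAntiSpyware
$report.ScheduledTasks | Format-Table -AutoSize
Test-DefenderExclusion -Path $report.ExclusionPath | Format-Table -AutoSize

# To undo a change later (placeholder path, not a value from the articles):
# Remove-MpPreference -ExclusionPath '<path you added>'
# Remove-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender' -Name DisableAntiSpyware
```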

Use an Alternative Solution

If you still decide to stop using Windows Defender, you can use alternative solutions from third-party developers. GridinSoft Anti-Malware is an excellent alternative to the standard Windows solution. Moreover, it has several advantages, including optimization—the application consumes a moderate amount of resources during a full scan, allowing for comfortable use even on devices with less powerful hardware.

Additionally, GridinSoft Anti-Malware includes an Internet Security module, which blocks phishing and potentially unsafe websites. Furthermore, using this tool does not require disabling Windows Defender, allowing you to use both solutions simultaneously, complementing each other.

Antimalware Service Executable

TextInputHost.exe
https://gridinsoft.com/blogs/textinputhost-exe/
Thu, 13 Jun 2024 20:02:55 +0000

TextInputHost.exe is a legitimate process by Microsoft required for text input functionality in Windows. It gathers input from sources like your keyboard, touchscreen, or pen, interprets it, and delivers it to your specific application. Seeing that process may be confusing for some users, and it is also a source of several issues that I will help you to address.

TextInputHost.exe – What is It?

TextInputHost.exe is a legitimate process in the Windows Feature Experience Pack. It is responsible for inputting text from different sources such as physical and virtual keyboards, touch input and the like. In addition, this process is directly involved in selecting emoji and GIF images (Windows key + period key). It also ensures that the entered text is delivered to the appropriate applications in Windows 10 and later.

Since TextInputHost is a background process, the average user usually can’t see it except in the Task Manager. Under normal circumstances, it doesn’t consume a lot of resources, so disabling it will not have any effect. Although you can disable it, in that case, the above-mentioned emoji selection features will not work.

Troubleshooting

Sometimes, the TextInputHost process does not work correctly, negatively affecting the user experience. The process may crash or consume too many resources, especially the GPU. That is in fact the reason why users try to disable the process or remove the executable. I don’t recommend doing that, so here are my troubleshooting tips that should help to solve the problem with the TextInputHost process.

TextInputHost.exe System Error

TextInputHost.exe System Error can be caused by various problems such as corrupted system files or conflicts with other software. Sometimes, this happens after the system recovery from a Restore Point. Here are some steps you can take to resolve the issue:

Check for updates. Sometimes, some components may not work correctly. Microsoft regularly releases updates to its products that fix problems that are discovered. Please ensure your OS is up-to-date and move on to the next point.

Perform an SFC Scan. The System File Checker (SFC) can repair corrupted or missing system files. To run an SFC scan, open Windows PowerShell as an administrator (Press the right mouse button on the Start menu → Windows PowerShell (Admin)) and type sfc /scannow, then press Enter.

Scannow in the PowerShell (TextInputHost.exe Fix Error)

TextInputHost.exe Crashing

Sometimes, the TextInputHost process may crash. This may be due to corruption of the file itself, outdated or incompatible drivers, or conflicts with third-party programs. In case of TextInputHost failures, reboot the computer – yes, this trivial action may fix the problem. But if the problem persists even after rebooting, you can perform the following actions:

Press the Windows + X keys on the desktop and select Windows PowerShell (Admin) again. Then copy and paste the following commands, one line at a time, pressing Enter after each:

dism /online /cleanup-image /CheckHealth
dism /online /cleanup-image /restorehealth
chkdsk /f /r /b

At the end of each method, check if the problem has been solved. If it persists, try the next one.

Disable third-party services (for advanced users). For a clean boot without third-party services, follow the steps below:

Press the Windows + R keys to open Run on the desktop. Next, in Run, type MSCONFIG and click OK to open System Configuration.

Msconfig in the Run

On the Services tab, check the option Hide all Microsoft services, click Disable All, and click Apply and OK. Please restart the computer.

TextInputHost.exe Crashing? Try to disable third-party services

If you solve the problem using this method, you can later choose to enable only the necessary programs and services to start with Windows instead of keeping all of them disabled. If the issue reoccurs after enabling a specific service or program, the problem lies with the startup of that particular software, and it is advisable to remove it.

TextInputHost.exe Using GPU

Another problem that users face is TextInputHost.exe using the GPU. For the most part, it affects laptop users with Nvidia graphics chips, as it drains the battery very quickly, with no visible signs of increased load. It is difficult to answer why this happens, but you can discover and eliminate the cause.

First, please change your preferred graphics to integrated graphics. To do this, go to the Nvidia Control Panel → Manage 3D settings → Global Settings tab → Preferred graphics processor, and change it to Integrated Graphics. See if this solves your problem.

Nvidia control panel

If the problem is solved, switch to the Program Settings tab, select the desired game, and change Preferred Graphics to High Performance Nvidia Processor. Repeat this action with each game.

Solution 2. Starting with Windows 10 build 17093, Microsoft introduced a new Graphics settings page for multi-GPU systems. This page allows you to control applications’ graphics performance directly in the system settings. Right-click on the desktop, select Display settings, scroll down, and click Graphics settings.

Next, open the Task Manager’s Details tab, find TextInputHost.exe, right-click on it, and select Open file location. Copy the path to where it is located at the top of the Explorer window.

How to add TextInputHost

Once you’ve located the TextInputHost.exe file, it’s time to add it to the Graphics settings. Here’s how: In the Graphics settings window, click the Browse button and paste the previously copied address at the top. In the opened folder, select the TextInputHost.exe file and click Add. Then, click on the chosen file → Options → Power saving, and Save. Finally, reboot your device to apply the changes.

Switching to Integrated Graphics

How To Disable TextInputHost.exe?

Although disabling TextInputHost is not a recommended action, sometimes it is necessary. If you still intend to disable it, follow the steps below:

Press Start and type “services” to find the Services app. Please open it and scroll down to find Touch Keyboard and Handwriting Panel Services.

Touch Keyboard and Handwriting Panel Services in the services

Right-click the service and select Properties → General tab, then change “Startup type:” to Disabled. Please reboot the system.

Switching Startup type to Disabled

Open Task Manager and find TextInputHost. If it is not there, the problem is solved. However, if it is still running, right-click on it and select Open file location. Go back to Task Manager, right-click on the file, and choose End task. Then go to the previously opened folder with this file and rename it, for example, by adding the number 1 to its name.

Is Textinputhost.exe a Virus?

Obviously, TextInputHost.exe is not a virus, as it is a legitimate system file created and signed by Microsoft. However, malware may use this name to hide its activities. One particular malware type that often does this trick is coin miner trojans. To distinguish an original file from a fake one, make sure it matches the following characteristics:

Location. The original file is always in the same location at one of these addresses:

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\

Digital Signature. All executable files must have a valid digital signature, and the file we are interested in must be signed by Microsoft.
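Both checks above can be run against every live TextInputHost.exe process at once. The script below is an added example, not part of the original article; the function name Test-TextInputHost is hypothetical, the directory list is the two paths given above, and treating "O=Microsoft Corporation" in the certificate subject as the Microsoft signer is an assumption.

```powershell
# Added example: verify location and signature of each running TextInputHost.exe.
# Expected directories are the two listed in this article.
$expectedDirs = @(
    'C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp',
    'C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy'
)

# Hypothetical helper name; returns one result object per file path.
function Test-TextInputHost {
    param([Parameter(Mandatory)][string]$Path)

    # Location check: the parent folder must be one of the expected directories.
    # -contains compares strings case-insensitively, which matches NTFS behaviour.
    $dir = (Split-Path -Path $Path -Parent).TrimEnd('\')
    $locationOk = $expectedDirs -contains $dir

    # Signature check: the signature must validate AND the signer must be Microsoft.
    # Assumption: Microsoft's signing certificates carry "O=Microsoft Corporation".
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    $signatureOk = ($sig.Status -eq 'Valid') -and ($signer -match 'O=Microsoft Corporation')

    [pscustomobject]@{
        Path        = $Path
        LocationOk  = $locationOk
        SignatureOk = $signatureOk
        Status      = $sig.Status
        Signer      = $signer
    }
}

# Win32_Process exposes the full image path, so a copy running from
# %TEMP% or %APPDATA% under the same name stands out immediately.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'TextInputHost.exe'"
foreach ($p in $procs) {
    if (-not $p.ExecutablePath) {
        Write-Warning "PID $($p.ProcessId): path not readable; rerun from an elevated PowerShell."
        continue
    }
    $result = Test-TextInputHost -Path $p.ExecutablePath
    $result | Add-Member -NotePropertyName ProcessId -NotePropertyValue $p.ProcessId
    $result
}
```

Any row where LocationOk or SignatureOk is False deserves a closer look; a file that passes the name check but fails either of these is the masquerading case described above.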

However, if you still suspect the file’s legitimacy, check your PC for malware. That will give you a definitive answer as to whether TextInputHost.exe is safe or not.

GridinSoft Anti-Malware main screen

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Scan results screen

Click "Clean Now" to start the removal process. Important: the removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

Removal finished
