Unsigned Core Windows Processes

  • Question

  • Using Process Explorer from the SysInternals suite, I found that key Windows processes are unsigned. Some of the key ones are as follows: smss.exe, csrss.exe, services.exe, wininit.exe, winlogon.exe.

    I have run Avast! boot time scan, Malwarebytes memory scan, and MS Malicious Software Removal Tool with no results. Manual analysis with SysInternals suite gives access denied when trying to suspend these processes, and errors when trying to find cmd line execution or execution path.

    Booting the machine into safe mode with no networking and using Process Monitor reveals the signed versions of these processes.

    It is very concerning that core Windows processes are not signed. Why would this be occurring, and how can it be fixed?

    Wednesday, April 1, 2015 1:02 AM