Host process for windows

exclamation ! warning the application is no longer signed host process for windows services

exclamation ! the application publisher changed from microsoft windows to “” host process for windows services

exclamation ! the application publisher changed from “” to microsoft windows host process for windows services

Is this a hack on my system? It’s an orange exclamation. Thanks in advance.

I just got the same thing. Unless somebody can put my mind at ease, I’m assuming it’s a compromise and rebuilding my system.

Hello,

Did you see this alert after doing a Windows update? What OS are you both using?

Windows 7.

I just started using GlassWire (love it). I’m not sure how long they have been there.

Waiting to see if a lot of others have it. If a lot have it, it is probably part of Windows, I hope.

We will try to recreate this on Windows 7 but so far I haven’t seen any reports about this besides these two.

My next reboot did include updates, so it might have been that. I didn’t do anything immediately prior, though.

I have noticed I get alerted via GlassWire to system changes after Windows OS updates. Here is a guide that might help https://www.glasswire.com/malware/.

Hi there. Just had the same alerts as seen above after rebooting my system, along with the following:
Device “Microsoft ISATAP adapter” was removed
Device “Microsoft ISATAP adapter” was added
Did not do any updates prior to the reboot and did not mess with the ISATAP; was playing with EMET though.

I have received this alert after doing a Windows update. Maybe it was EMET also.

Been running GlassWire for a couple of weeks now. Love the product.

I boot my system each day. Since I’ve been running GlassWire, I get two messages each time I boot.

Device “Microsoft ISATAP adapter” was added
Device “Microsoft ISATAP adapter” was removed

The time stamp on the message in GlassWire only shows hh:mm so I’m unable to tell if the messages are almost simultaneous or not. Having the :ss would be helpful.

The ISATAP adapter has to do with IPV6/IPV4. Since my system is fairly “old” hardware running Win7, I suspect that the OS is trying to complete IPV6 support but can’t find any eligible hardware so it gives up.

SnoShu,

One of our developers was seeing a similar problem. I think we fixed it for the next release that will be out soon. If the update doesn’t fix the problem please email us or post here again.

You can also go to Settings/Security and disable System file monitor if it’s bugging you.

Thanks, and sorry for jacking someone else’s thread.
I am having the same issues with svchost.exe (host process for Microsoft Windows) and felt like it was really weird for a Microsoft application to do so.
In the meantime, could you let us know whether this is a false positive (or a software bug in glasswire) or is there any reason to be concerned due to malware or trojans?

I uploaded my svchost.exe to VirusTotal and it came out clean (0/52).

Thanks.

p.s I’m attaching a screenshot http://i.imgur.com/sWm3wOc.png

Anirudra, I think it could be a bug with GlassWire. We’ll have an update out soon.

Hi again,
I updated to version 1.28b and the same problems persist.

Here is a screenshot http://i.imgur.com/rcSoslg.png

Very strange. I haven’t seen any other reports of this with the new software release. What OS/hardware are you using?

I am on Windows 7 32-bit with Intel Core i5 650 CPU.

EDIT: @Ken, can you tell me what these messages signify? How does the publisher of an application change, and in what way does that impact the workings of the application?
“Application no longer signed” - Are you referring to the digital signature? And does that mean some malicious app tried to inject code into a legitimate one?

Thanks.

Anirudra,

I think I can answer your question. Sometimes if the publisher changes it doesn’t mean anything. For example if Google signs their application with Google Inc instead of just “Google” then it’s probably OK.

When we say “no longer signed” yes we’re talking about a digital signature. If an application goes from being signed to completely unsigned then it would be something I’d worry about. I have never had an application become unsigned while using GlassWire but our CTO has and we found it was a bug. We think we have fixed that bug though. If you are having this problem with the latest GlassWire version please email us the details and we’ll try to recreate the problem and fix it.

1 Like
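Added example, not part of the original thread and not GlassWire’s code: a PowerShell check that reports where each running svchost.exe is loaded from and what signature status and publisher Windows reports for that file, the two things the alerts above are about. It assumes Windows PowerShell 5.1 or later (the `SignatureType` and `IsOSBinary` properties are not available on older versions); the function name `Test-SvchostImage` is made up for this example.

```powershell
# Added example: inspect the on-disk image behind every running svchost.exe.
# Assumption: Windows PowerShell 5.1+; run elevated so image paths are visible.

# Locations a genuine svchost.exe is loaded from (SysWOW64 holds the
# 32-bit copy on 64-bit Windows).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)

function Test-SvchostImage {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path          = $Path
        ExpectedPath  = ($expected -contains $Path)   # -contains is case-insensitive
        Status        = $sig.Status                   # Valid, NotSigned, HashMismatch, ...
        SignatureType = $sig.SignatureType            # embedded (Authenticode) or Catalog
        IsOSBinary    = $sig.IsOSBinary
        Publisher     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Collect the distinct image paths of all running svchost.exe processes.
$paths = Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
    Where-Object ExecutablePath |
    Select-Object -ExpandProperty ExecutablePath -Unique

# Without elevation the paths come back empty; fall back to the System32 copy.
if (-not $paths) { $paths = @($expected[0]) }

$paths | ForEach-Object { Test-SvchostImage -Path $_ } | Format-List
```

A row with `ExpectedPath` false, or a `Status` other than `Valid`, is the one to look at more closely; the SHA256 value can be compared between reboots or against a known-good machine with the same patch level.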

Servo,

Thanks for the response.
I can’t recreate the problem at will, as it happens randomly. I’ll try to isolate when and how it’s happening and report back to you guys.

The current status when the application is signed is posted below. I’ll be monitoring what services are being used when the app goes unsigned and changes publisher.

C:\Users\Anirudra>tasklist /svc | find "svchost.exe"

svchost.exe 720 DcomLaunch, PlugPlay, Power
svchost.exe 820 RpcEptMapper, RpcSs
svchost.exe 1012 Audiosrv, Dhcp, eventlog,
svchost.exe 1044 AudioEndpointBuilder, CscService, hidserv,
svchost.exe 1080 EventSystem, fdPHost, FontCache, netprofm,
svchost.exe 1116 BITS, Browser, EapHost, gpsvc, IKEEXT,
svchost.exe 1452 CryptSvc, Dnscache, LanmanWorkstation,
svchost.exe 1784 BFE, DPS, MpsSvc
svchost.exe 1940 bthserv
svchost.exe 412 StiSvc
svchost.exe 2944 HFGService
svchost.exe 4008 PolicyAgent
svchost.exe 2796 FDResPub, SSDPSRV, upnphost
svchost.exe 4892 p2pimsvc, p2psvc, PNRPsvc

Got this same alert on Windows 8 after a Microsoft update.

1 Like

+1
I can confirm this happens when installing MS updates or even with some applications.

EDIT: If you guys could add a feature which displays an alert when Windows Update starts installing patches, or maybe an alert when new software is being installed on your system, that would be great, if it’s feasible.

1 Like