Suspicious or not suspicious?

Upon waking up I saw this (attached). Trying to use the scan function, the file appears not to exist any longer. any way of troubleshooting to see what this was? Was it windows trying to do some updating or where it came from? (pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com:443)
SETUP NOTIFICAITON
Screenshot_2

@Dreamzz81

I can only say that it’s not a file from GlassWire. We sign our files and I don’t believe we have ever had a “setup.exe”. Unfortunately though setup.exe is a very common file name.

If you check it with VirusTotal does it give any clues?
https://www.glasswire.com/userguide/#Virus_Total

1 Like

It no longer exists to be scanned as mentioned in OP

1 Like

Oops, sorry I missed that point… I apologize.

@Dreamzz81

Did you see any other “new” alerts around the same time? Maybe it’s related to an app that updated. I’d trouble shoot by looking at the graph during that time and checking to see what else was happening with other apps.

1 Like

I’d say it is not likely to be suspicious but it is not worth the time and effort to confirm this.

If you use anti-virus/anti-malware software that scans all running processes then it has already passed one checkup.

The process was attempting to contact Amazon Web Services (AWS) so it is very unlikely to be a feature of Microsoft Windows.

If you check that URL in VirusTotal then you should find an IP address owned by Amazon Technologies Inc.
https://www.virustotal.com/gui/ip-address/54.69.152.122
https://www.lookip.net/whois/54.69.152.122

If you think it is suspicious then you could try to recover/undelete the deleted file so you can scan it. You might also need to recover the folder that contained it.

2 Likes

interesting the file removed itself quickly…perhaps it was some app trying to update by auto-update or something, if I find more out I will update…Thanks @Remah
Yes I do have security software so arguably as it was undetected maybe it was harmless…

1 Like