When I restarted my laptop, the firewall I use – an open source app called Simplewall – launched automatically, as I’ve set it to do. I was prompted to update the app in the app itself (not an external notification), and when I clicked install, I received two notifications back to back from Microsoft Defender. Looking back, I think I clicked install twice because there was a slight lag the first time.
In protection history, both entries list the same basic info:
Affected items: C:\Users\name\AppData\Local\Temp\simplewall-simplewall-3.3.5.exe
The first one’s status is listed as quarantined, the second and most recent one’s status is listed as failed/remediation incomplete. What does this mean? A full system scan by Windows Defender and a full system scan by Malwarebytes both come back clean. I’ve received several notifications from controlled folder access over the past fifteen minutes though, listing various apps/processes that are being blocked:
- pcdrsysinfostorage.p5x (protected folder: \Device\Harddisk0\DR0)
- svchost.exe (protected folder: \Device\HarddiskVolume1)
- VSSVC.exe (protected folder: \Device\HarddiskVolume1)
- DDVDataCollector.exe (protected folder: \Device\Harddisk0\Dr0)
- SOSInstallerTool.exe (protected folder: \Device\Harddisk0\DR0)
I recognize some of these processes because they pop up every now and then. The ones I don’t recognize are pcdrsysinfostorage.p5x, VSSVC.exe, and SOSInstallerTool.exe. All blocked actions are listed as low threat, but it’s still making me nervous.
What should my next steps be?
Author Of this post: /u/OnlyHat8