If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
wsc_proxy.exe
WIN-& Pro 32 bit
wsc_proxy.exe This is listed as a running process in Task Manager. I don't remember ever seeing it before. The description is "Avast remediation exe." Properties/General says 85,944 bytes Properties/Details says Size 0 bytes End Process results in Access Denied Any idea what this is and if it is necessary? Google showed almost nothing on it. -dan z- -- Protect your civil rights! Let the politicians know how you feel. Join or donate to the NRA today! http://membership.nrahq.org/default....ignid=XR014887 Gun control is like trying to reduce drunk driving by making it tougher for sober people to own cars. |
Ads |
#2
|
|||
|
|||
wsc_proxy.exe
When you opened up the Properties in the Task Manager and you selected Go To
Services what services did it show it was using? -- Bill Brought to you from Anchorage, Alaska "slate_leeper" wrote in message ... WIN-& Pro 32 bit wsc_proxy.exe This is listed as a running process in Task Manager. I don't remember ever seeing it before. The description is "Avast remediation exe." Properties/General says 85,944 bytes Properties/Details says Size 0 bytes End Process results in Access Denied Any idea what this is and if it is necessary? Google showed almost nothing on it. -dan z- |
#3
|
|||
|
|||
wsc_proxy.exe
slate_leeper wrote:
WIN-& Pro 32 bit wsc_proxy.exe This is listed as a running process in Task Manager. I don't remember ever seeing it before. The description is "Avast remediation exe." Properties/General says 85,944 bytes Properties/Details says Size 0 bytes End Process results in Access Denied Any idea what this is and if it is necessary? Google showed almost nothing on it. -dan z- I use Avast Free. There is no wsc_proxy.exe process running but there is a wsc_proxy.exe file under the Avast install folder. You never mentioned if you use Avast or not, and if so then the free or paid version. Even in the free version, I do NOT install a lot of bloatware or lureware. Yes, some features are lurewa you have to pay to use them but Avast doesn't make it clear they are payware services. Scanning e-mails and NNTP posts is superfluous: the same on-access scanner is used and anytime you create or modify files then Avast's on-access scanner is going to look at those files, anyway. Attachments in e-mails are harmless until you extract an attachment into a file, and that's when the on-access scanner would check it, anyway. So you probably elected to allow some feature of Avast to load that I do not, plus you might be using the payware version or subscribed to some of the lureware that I did not. The "proxy" in its name suggests, to me, that it might have to do with e-mail and/or nntp traffic interrogation by Avast (which is, as mentioned, a superfluous feature). https://forum.avast.com/index.php?to...400#msg1332400 |
#4
|
|||
|
|||
wsc_proxy.exe
VanguardLH wrote:
slate_leeper wrote: WIN-& Pro 32 bit wsc_proxy.exe This is listed as a running process in Task Manager. I don't remember ever seeing it before. The description is "Avast remediation exe." Properties/General says 85,944 bytes Properties/Details says Size 0 bytes End Process results in Access Denied Any idea what this is and if it is necessary? Google showed almost nothing on it. -dan z- I use Avast Free. There is no wsc_proxy.exe process running but there is a wsc_proxy.exe file under the Avast install folder. You never mentioned if you use Avast or not, and if so then the free or paid version. Even in the free version, I do NOT install a lot of bloatware or lureware. Yes, some features are lurewa you have to pay to use them but Avast doesn't make it clear they are payware services. Scanning e-mails and NNTP posts is superfluous: the same on-access scanner is used and anytime you create or modify files then Avast's on-access scanner is going to look at those files, anyway. Attachments in e-mails are harmless until you extract an attachment into a file, and that's when the on-access scanner would check it, anyway. So you probably elected to allow some feature of Avast to load that I do not, plus you might be using the payware version or subscribed to some of the lureware that I did not. The "proxy" in its name suggests, to me, that it might have to do with e-mail and/or nntp traffic interrogation by Avast (which is, as mentioned, a superfluous feature). https://forum.avast.com/index.php?to...400#msg1332400 Avast apparently offers their own browser. Paul |
#5
|
|||
|
|||
wsc_proxy.exe
Paul wrote:
VanguardLH wrote: slate_leeper wrote: WIN-& Pro 32 bit wsc_proxy.exe This is listed as a running process in Task Manager. I don't remember ever seeing it before. The description is "Avast remediation exe." Properties/General says 85,944 bytes Properties/Details says Size 0 bytes End Process results in Access Denied Any idea what this is and if it is necessary? Google showed almost nothing on it. -dan z- I use Avast Free. There is no wsc_proxy.exe process running but there is a wsc_proxy.exe file under the Avast install folder. You never mentioned if you use Avast or not, and if so then the free or paid version. Even in the free version, I do NOT install a lot of bloatware or lureware. Yes, some features are lurewa you have to pay to use them but Avast doesn't make it clear they are payware services. Scanning e-mails and NNTP posts is superfluous: the same on-access scanner is used and anytime you create or modify files then Avast's on-access scanner is going to look at those files, anyway. Attachments in e-mails are harmless until you extract an attachment into a file, and that's when the on-access scanner would check it, anyway. So you probably elected to allow some feature of Avast to load that I do not, plus you might be using the payware version or subscribed to some of the lureware that I did not. The "proxy" in its name suggests, to me, that it might have to do with e-mail and/or nntp traffic interrogation by Avast (which is, as mentioned, a superfluous feature). https://forum.avast.com/index.php?to...400#msg1332400 Avast apparently offers their own browser. Safezone Browser. Yeah, more bloatware that isn't necessary. Tweaking your own web browser gives you the same security. https://www.avast.com/faq.php?article=AVKB209 However, I doubt wsc_proxy.exe (which looks to be a proxy) is their Safezone web browser. |
#6
|
|||
|
|||
wsc_proxy.exe
On Fri, 23 Dec 2016 11:07:13 -0900, "Bill Bradshaw"
wrote: When you opened up the Properties in the Task Manager and you selected Go To Services what services did it show it was using? There is no service listed by this name or description. The only Avast service shows a dependency on aswMonFil which depends on FltMgr. I do not see those listed anywhere either. -- Protect your civil rights! Let the politicians know how you feel. Join or donate to the NRA today! http://membership.nrahq.org/default....ignid=XR014887 Gun control is like trying to reduce drunk driving by making it tougher for sober people to own cars. |
#7
|
|||
|
|||
wsc_proxy.exe
On Fri, 23 Dec 2016 18:40:33 -0600, VanguardLH wrote:
slate_leeper wrote: WIN-& Pro 32 bit wsc_proxy.exe This is listed as a running process in Task Manager. I don't remember ever seeing it before. The description is "Avast remediation exe." Properties/General says 85,944 bytes Properties/Details says Size 0 bytes End Process results in Access Denied Any idea what this is and if it is necessary? Google showed almost nothing on it. -dan z- I use Avast Free. There is no wsc_proxy.exe process running but there is a wsc_proxy.exe file under the Avast install folder. You never mentioned if you use Avast or not, and if so then the free or paid version. Even in the free version, I do NOT install a lot of bloatware or lureware. Yes, some features are lurewa you have to pay to use them but Avast doesn't make it clear they are payware services. Scanning e-mails and NNTP posts is superfluous: the same on-access scanner is used and anytime you create or modify files then Avast's on-access scanner is going to look at those files, anyway. Attachments in e-mails are harmless until you extract an attachment into a file, and that's when the on-access scanner would check it, anyway. So you probably elected to allow some feature of Avast to load that I do not, plus you might be using the payware version or subscribed to some of the lureware that I did not. The "proxy" in its name suggests, to me, that it might have to do with e-mail and/or nntp traffic interrogation by Avast (which is, as mentioned, a superfluous feature). https://forum.avast.com/index.php?to...400#msg1332400 Sorry for the omission: Yes, free version. I do have email scanning on. However I have been using Avast for years. The date on the file in question (wsc_proxy.exe) says it was created 9/16/16. I have not changed, renewed, updated Avast since long before that. -- Protect your civil rights! Let the politicians know how you feel. Join or donate to the NRA today! http://membership.nrahq.org/default....ignid=XR014887 Gun control is like trying to reduce drunk driving by making it tougher for sober people to own cars. |
#8
|
|||
|
|||
wsc_proxy.exe
slate_leeper wrote:
On Fri, 23 Dec 2016 18:40:33 -0600, VanguardLH wrote: slate_leeper wrote: WIN-& Pro 32 bit wsc_proxy.exe This is listed as a running process in Task Manager. I don't remember ever seeing it before. The description is "Avast remediation exe." Properties/General says 85,944 bytes Properties/Details says Size 0 bytes End Process results in Access Denied Any idea what this is and if it is necessary? Google showed almost nothing on it. -dan z- I use Avast Free. There is no wsc_proxy.exe process running but there is a wsc_proxy.exe file under the Avast install folder. You never mentioned if you use Avast or not, and if so then the free or paid version. Even in the free version, I do NOT install a lot of bloatware or lureware. Yes, some features are lurewa you have to pay to use them but Avast doesn't make it clear they are payware services. Scanning e-mails and NNTP posts is superfluous: the same on-access scanner is used and anytime you create or modify files then Avast's on-access scanner is going to look at those files, anyway. Attachments in e-mails are harmless until you extract an attachment into a file, and that's when the on-access scanner would check it, anyway. So you probably elected to allow some feature of Avast to load that I do not, plus you might be using the payware version or subscribed to some of the lureware that I did not. The "proxy" in its name suggests, to me, that it might have to do with e-mail and/or nntp traffic interrogation by Avast (which is, as mentioned, a superfluous feature). https://forum.avast.com/index.php?to...400#msg1332400 Sorry for the omission: Yes, free version. I do have email scanning on. However I have been using Avast for years. The date on the file in question (wsc_proxy.exe) says it was created 9/16/16. I have not changed, renewed, updated Avast since long before that. Not every file for every program is provide only via the installer or via updates. Some can be within data blocks inside another file. When that file executes or a program extracts that data block, it can write it into another file and, voila, there is the new file. I've seen this with several games where you run the .exe but that's not the process you see (except temporarily) in Task Manager. Instead it unrolled a data block into a file and then executed that extracted code in that file. I would, for example, try changing priority or other attributes of the ..exe that I thought started the program only to find out some other file actually started the game. In that case, I wouldn't be surprised it was part of some copyrighting scheme, like perhaps a means of ensuring a specific memory image got loaded and ran without some anti-copyright software injecting changes. Avast has not divulged what is this file, only that it is part of their anti-virus software. For me, that file has a datestamp of Aug 22, 2016; however, there has been 1 program updates since then and I have the latest version. 12.3.2279 was released 8/16/2016 but I have 12/3/2280 released on 11/4/2016. So updates did not step on my copy of that file. You will have to contact Avast to see if they would be willing to divulge the purpose of that file and how it gets created, assuming you can convince they you won't further divulge that information to hackers or malware authors and that you aren't one. It is a protected file. Processes running at kernel mode (level 0) can hide themselves and why you won't see every process that is running by using Task Manager or any other user-mode task manager. I tried looking in the registry but regedit.exe or any other registry editor running at user mode cannot see some portions of the registry. I also know that deleting some registry entries for Avast will have Avast reinstate them. I'll use CCleaner and eliminate what it thinks are orphans only to have the Avast entries reappear. Avast protects itself. I did find the following key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\aswRvrt under which is a SetupOperations data items whose value has a bunch of move instructions, one of which is: MoveFile("\??\C:\Program Files\AVAST Software\Avast\wsc343C.tmp","\??\C:\Program Files\AVAST Software\Avast\wsc_proxy.exe",TRUE) So it looks like wsc343C.tmp is the original copy that gets moved and renamed to wsc_proxy.exe. I don't know if that is a remnant from when Avast was installed, when it last performed a program update, or what uses that registry item. The parent key is called aswRvrt (stuff beginning with "asw" is Avast stuff). The name is "avast! Revert". Just because it is a service does not mean it will be listed by services.msc. There are several asw services you won't see listed in that app. Services can call other services when needed. aswRevert could be for self-protection but more likely part of its repair process (https://www.avast.com/faq.php?article=AVKB204). There is an aswrvrt.sys driver file. You won't see loaded drivers listed in Task Manager. You can see them using SysInternals' LoadOrder utility. I used it to see aswRvrt (avast! Revert) did get loaded during boot time. LoadOrder doesn't show a load path for this driver. I found 2 copies, which were under C:\Windows\System32\drivers and C:\Program Files\AVAST Software\Avast\setup\Inf\x64\. I'm using Windows 7 x64, not the 32-bit version you have. I have not bothered to disable Avast's boot-time rootkit scan or its self-defense module to see if that eliminates loading of aswRvrt on Windows startup. The aswRvrt driver has caused problems; see http://blog.vilmatech.com/fixedaswrv...-stuckbooting/. As I recall, disabling the boot-time rootkit scan and/or the self-defense module was one of the troubleshooting steps if you could not get Windows to load okay. |
#9
|
|||
|
|||
wsc_proxy.exe
VanguardLH wrote:
Avast has not divulged what is this file And that's the problem with the "code of the hills" followed by AV developers. They absolutely refuse to say anything about what their code does. This would be OK, if an application was "just an AV" and nothing more. When they **** around with every subsystem on the computer, substitute their own signing certificates, and generally make a mess, that's when their closed-mouth habits backfire. A user is more likely to toss the lot and run without an AV, if they run into any problems with the bloat baggage. Too much bloat to be worth it. System too compromised to be of any use to anyone. ******* You could always fire up a copy of Sysinternals ProcMon, and see what pieces of code are doing things at approximately the same time. Maybe you'd get lucky and get a "hint" what it is for. Both Wireshark and ProcMon have timestamps, so you could also correlate packets sent and received, with wsc_proxy activity. If you had the equivalent of ZoneAlarm, perhaps you'd even be notified when wsc_proxy attempts to communicate on an outgoing port. Paul |
#10
|
|||
|
|||
wsc_proxy.exe
slate_leeper
Sat, 24 Dec 2016 12:14:33 GMT in alt.windows7.general, wrote: Gun control is like trying to reduce drunk driving by making it tougher for sober people to own cars. I'm stealing that tagline. You might also like one of mine... "Gun control is HITTING what you aim at." -- Sarcasm, because beating the living **** out of deserving people is illegal. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|