Hi people out there,
when I started my system (Windows XP) this morning (12.Feb.04) and some time later looked into the Task Manager's process tag, there was a process I have never seen before: msfirewall.exe.
- The file resided in c:\WINDOWS\system32,
- has 14,336 bytes,
- was "created" on 5. September 2002, 00:37:09,
- and last "changed" on 29. August 2002, 02:43:26. (I bought the machine in December 2002 from the manufacturer.)
- The file has NO properties entry of firm, version, or description.
- The process was started by a NEW entry under HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run :
"MsFirewall" with the value C:\WINDOWS\System32\msfirewall.exe.
I didn't install any new software that day before the process appeared. I only used Microtrend's online scanner and then surfed the net for a few hours. When I used this online scanner the last time, one month ago, there was no such change in my registry. So I don't believe it's a change done by the scanner software.
I cancelled the process and locked away the file immediately, so I can't say, how it affects the system or what it does.
I did a Google search and a meta search on "msfirewall.exe", but there was NOT ONE information found !!
Does anyone know this file?
Has anyone Windows XP to confirm whether or not it's a normal part of the operating system?
Or are there addresses where suspicious files can be sent for a closer examination?
I hope, the Break Room is the right forum for a theme like this. If not, please, mods, move this to whereever it belongs.
Thanks so far for listening...