Could you please confirm that the following binaries are Windows built-ins or malicious

ADGP SCRB 10 Reputation points
2024-07-31T06:54:34.2633333+00:00

Dear Team

Please verify the legitimacy of the following files if discovered on an IIS web server, and provide an explanation of their standard functions within Windows operating systems:

Could you please confirm that the following binaries are Windows built-ins or malicious

\Windows\System32\CoreEvent.exe

\Windows\System32\inetsrv\cachsess.dll (or sess_cache.dll, or similarly named files)

\Windows\SysWOW64\inetsrv\cachsess.dll (or sess_cache.dll, or similarly named files)

    Yanhong Liu 9,830 Reputation points Microsoft Vendor
    2024-08-01T03:18:35.75+00:00

    Hello,

    Thank you for posting in Q&A forum.

    1. \Windows\System32\CoreEvent.exe

    The CoreEvent.exe file name is not a standard Windows OS built-in process or service name. In a normal Windows installation, you should not see such a file in the System32 folder.

    If this file is present on the system, it is likely malware or installed by a third-party application. Therefore, if this file is found on your server, it is recommended to immediately conduct further investigation and scan it with anti-virus software.

    2. \Windows\System32\inetsrv\cachsess.dll (or sess_cache.dll)

    cachsess.dll and the similarly named sess_cache.dll are files related to IIS (Internet Information Services). These DLL files may be part of IIS and are used to cache session state data. However, please note that the standard DLL file name used by IIS may be different from this, so it is necessary to verify the file version and signature to confirm its authenticity.

    If these DLLs are legitimate IIS components, they will be used to manage HTTP session data, such as the user's login status or other session-related data. Make sure these DLL files have the correct digital signature and that the file version matches your IIS version.

    3. \Windows\SysWOW64\inetsrv\cachsess.dll (or sess_cache.dll)

    For 64-bit versions of Windows operating systems, the 32-bit version of the DLL file is placed in the SysWOW64 folder. If your system is 64-bit and you are running 32-bit IIS, there may be corresponding DLL files here. Again, you need to check the digital signature and version information of these files to confirm their legitimacy.

    The function of these DLL files is the same as mentioned above, that is, managing HTTP session data. Please ensure that these files are from the correct source.

    Note that final verification should be done by a security professional and antivirus software. You can use the Sigcheck tool to help verify the digital signature of your files, which is very useful for determining whether the file is from a trusted publisher. Sigcheck is a command-line utility that shows file version number, timestamp information, and digital signature details, including certificate chains. https://learn.microsoft.com/en-us/sysinternals/downloads/sigcheck

    Generally, if the file is not signed or the signature is invalid, it is recommended that you scan it with antivirus software and further investigate the source of these files. If the file signature is valid and the signer is trusted (such as Microsoft Corporation), then you can consider these files legitimate.

    Best Regards,

    Yanhong Liu

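The signature and version checks the answer recommends, as an added example that is not part of the original answer: it walks the exact paths from the question, reports Authenticode status, signer, version info and SHA-256 for each file that exists, and flags anything that is not validly signed by Microsoft for follow-up. It assumes an elevated Windows PowerShell session on the IIS host; the function name `Test-CandidateFile` and the verdict labels are this example's own.

```powershell
# Added example, not from the original answer. Assumes Windows PowerShell 5.1 on the server.
# Paths are the ones named in the question, resolved against the real system root.
$candidates = @(
    "$env:SystemRoot\System32\CoreEvent.exe",
    "$env:SystemRoot\System32\inetsrv\cachsess.dll",
    "$env:SystemRoot\System32\inetsrv\sess_cache.dll",
    "$env:SystemRoot\SysWOW64\inetsrv\cachsess.dll",
    "$env:SystemRoot\SysWOW64\inetsrv\sess_cache.dll"
)

function Test-CandidateFile {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        # Nothing on disk at this path; that is the expected state for CoreEvent.exe.
        return [pscustomobject]@{ Verdict = 'ABSENT'; Path = $Path }
    }

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path   # checks embedded and catalog signatures
    $item = Get-Item -LiteralPath $Path
    $ver  = $item.VersionInfo
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }

    # The bar set in the answer: a valid signature from a trusted signer such as Microsoft.
    # Unsigned, tampered (HashMismatch) or third-party-signed files are marked for review.
    $verdict = if ($sig.Status -eq 'Valid' -and $signer -like '*O=Microsoft Corporation*') {
        'OK'
    } else {
        'REVIEW'
    }

    [pscustomobject]@{
        Verdict   = $verdict
        Path      = $Path
        SigStatus = $sig.Status
        Signer    = $signer
        Product   = $ver.ProductName
        Version   = $ver.FileVersion
        Modified  = $item.LastWriteTimeUtc
        SHA256    = $hash
    }
}

$candidates | ForEach-Object { Test-CandidateFile -Path $_ } | Format-Table -AutoSize
```

For a second opinion on any file marked REVIEW, run the Sigcheck tool the answer links (`sigcheck64 -a -h <file>`) to see the full certificate chain and hashes, and submit the file to your antivirus vendor rather than deleting it before the investigation is complete.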
