inquiry About Services Installed (Event ID 7045)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 89%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Archana suresh
0
Reputation points
Hi,
For Event ID 7045 (A service was installed in the system), we’ve observed the installation of the following services:
- system_monitor Path:
\SystemRoot\system32\DRIVERS\system_monitor.sys - RegCacheFilter Path:
system32\DRIVERS\RegCacheFilter.sys - file_monitor Service name:
file_monitorStartup type: Auto start Driver path:system32\DRIVERS\file_monitor.sys
The system_monitor, RegCacheFilter, and file_monitor drivers have generic names and are not clearly tied to a known vendor, which raises concerns about potential misuse or unauthorized persistence mechanisms.
Could you please confirm:
Whether these services are part of any approved tooling?
If there is any reason to treat these as suspicious or investigate further?
Please let us know if you need additional context or logs
Microsoft Security | Windows Autopilot
Sign in to answer