Is taskhostw.exe doing something it shouldn't?

Thanks, but I wasn't asking how to turn it off.  Since *I* turned it on, I know where to turn it off.

The question is about whatever the heck taskhostw is trying to do.

Yes, that's another simple way to deal with it and probably just fine, since most startups aren't truly necessary and simply create useless overhead.

If CFA were intended to to be a long-term solution then Microsoft might try to make it more friendly, but since it's really just another temporary workaround like User Access Control (UAC) before it, it will eventually disappear with the legacy Windows desktop version that it's intended to provide workaround protection for.

Since you're a past programmer like myself, albeit mine from the early microcomputer days writing BIOS modifications in assembly language, I'll give a quick summary of why CFA exists, which might help you understand.

Just like UAC which was created to alert users to badly designed apps that required Administrator privilege when it wasn't typically needed, CFA was designed to recognize when direct file system access is made to certain Windows system folders, some of which Microsoft had long ago replaced with more secure techniques and others that simply should never have been allowed.

Though Microsoft had tried to push developers in the direction of better security practices, we both know how well that has worked, so like UAC, CFA notification were created to notify (read "annoy") the user that these were occurring.  Just like with UAC, Microsoft's hope is that most of those developers planning to continue supporting their apps on future versions of Windows will take the time to fix their issues, with the annoyance factor of potentially thousands of user support complaints as the stick.

Initially, users were even required to manually note and select the executable file(s) needing to be added as CFA exceptions, but with the recent 1903 release, this was simplified according to Glen, another helper who's spent more time investigating these issues.

In truth though, the hope is really that the annoyance will either cause users to complain loudly to the developers or simply give up and find another app that conforms to modern development standards.

This latter choice is my preferred solution, as apps that don't conform and instead write directly into these system folders are simply an added security risk, since if they didn't exist Microsoft could simply block these and the ability for ransomware to abuse them would end instantly.

So from this, I'm sure you'll at least understand Microsoft's reluctance to make this process easy and also the fact that all apps that currently conform to the Universal Windows Platform standards required to operate within the more secure Windows "S" mode inherently avoid these issues altogether.  That's also why virtually none of the ransomware works on newer devices that ship with Windows S mode enabled, since these folders aren't writable.

So the problem as is nearly always true for Microsoft is simply lazy developers and the leftovers from decades of legacy Windows and sloppy app design.  This was what originally made Windows what it became, but also lead to the inevitable issues of malware and other hacks that served to nearly obliterate it (in truth it actually has, hence Windows 10 S) and Microsoft along with it.

Rob

I knew all of that.  What I don't know is what that exe does.  And whether it is normal.  Is everyone else that has that option turned on observing that same error?  Rob's answer looks like it gives me some clues.

I've been doing programming since 1966 and spent a lot of time with Windows since the early days.  So Autoruns itself is no big deal.  However, the tons of things that Autoruns lists are a bit overwhelming.  It sure would have been nice if the original warning message had indicated which dll or program was actually responsible.

I guess at this point, I will just keep looking for more occurrences of the error and if I recognize something that isn't running now that should be running (since it was blocked).

My motto:  Nothing Is Ever Easy  NIEE for short

Hi!

My name is German, and I am here to help you.

1. On the taskbar, click on Windows Defender Security Center icon.
2. Next, in the Windows Defender Security Center window, click on Virus & threat protection tile.
3. Then click on Ransomware protection on next screen.
4. Moving on, in Ransomware protection screen, under Controlled folder access section, you can toggle the option to Off to disable this feature.

Any other questions I am at your disposal.

Have a great day!