Defender Platform and Unquoted Service Path

ZaMMer-9504 0 Reputation points
2023-11-26T16:43:24.22+00:00

Seems the most recent version of Defender platform and the last few versions have an unquoted service path issue that is not fixable on the user's side. Don't see anything in the changelog for this fix. Please have someone advise how to fix or if a platform update will be released that fixes this.

Nessus found the following service with an untrusted path : 
  MDCoreSvc : C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpDefenderCoreService.exe

1 answer
  1. abbodi86 3,866 Reputation points
    2023-11-27T04:34:37.32+00:00

    While it's bad practice, I tracked the service starting using Procmon: services.exe checks the "C:\ProgramData\Microsoft\Windows" folder, but it doesn't try to load anything from there; it only loads the specified service path for MpDefenderCoreService.exe
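
To triage a finding like the one above on a host, the following added example (not part of the original thread, and not Microsoft or Nessus code) lists, for each service with an unquoted path containing spaces, the intermediate `<prefix>.exe` paths that path could resolve to, whether any of them exists, and which identities hold write-type rights on the parent directory. The function name `Get-UnquotedPathCandidates` and the output column names are hypothetical; the script is read-only.

```powershell
# Added example: read-only audit of service image paths. Names below are illustrative.
function Get-UnquotedPathCandidates {
    param([Parameter(Mandatory)][string]$ImagePath)

    $path = [Environment]::ExpandEnvironmentVariables($ImagePath).Trim()
    # Quoted paths and native-style paths (\SystemRoot\..., \??\...) are skipped.
    if ($path.StartsWith('"') -or $path.StartsWith('\')) { return }

    # Executable part: everything up to the first ".exe" followed by a space or end.
    $m = [regex]::Match($path, '^(.+?\.exe)(\s|$)', 'IgnoreCase')
    if (-not $m.Success) { return }
    $exe = $m.Groups[1].Value

    # Every space in the executable part yields one "<prefix>.exe" candidate.
    $idx = $exe.IndexOf(' ')
    while ($idx -ge 0) {
        $exe.Substring(0, $idx) + '.exe'
        $idx = $exe.IndexOf(' ', $idx + 1)
    }
}

# Candidate for the path quoted in the Nessus finding in the question:
Get-UnquotedPathCandidates 'C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpDefenderCoreService.exe'

# Same check across all installed services, with parent-directory write access.
Get-CimInstance Win32_Service | Where-Object PathName | ForEach-Object {
    $svc = $_
    foreach ($c in @(Get-UnquotedPathCandidates $svc.PathName)) {
        $dir = [System.IO.Path]::GetDirectoryName($c)
        $writers = @()
        if (Test-Path -LiteralPath $dir) {
            $acl = Get-Acl -LiteralPath $dir -ErrorAction SilentlyContinue
            $writers = $acl.Access |
                Where-Object { $_.AccessControlType -eq 'Allow' -and
                    "$($_.FileSystemRights)" -match 'Write|Modify|FullControl|CreateFiles|AppendData' } |
                ForEach-Object { "$($_.IdentityReference)" } | Sort-Object -Unique
        }
        [pscustomobject]@{
            Service         = $svc.Name
            Candidate       = $c
            CandidateExists = Test-Path -LiteralPath $c -PathType Leaf
            ParentWriters   = $writers -join '; '
        }
    }
} | Format-Table -AutoSize -Wrap
```

A row is worth escalating when `CandidateExists` is true or when `ParentWriters` includes an identity that is not an administrative or system principal.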