Share via

Windows Defender blocked svchost.exe from making changes to memory

Jesse Salazar 0 Reputation points
2024-08-29T02:41:27.39+00:00

Event 1127, Windows Defender

Controlled Folder Access blocked C:\Windows\System32\svchost.exe from making changes to memory.

Detection time: 2024-08-28T14:17:34.805Z

User: NT AUTHORITY\SYSTEM

Path: \Device\HarddiskVolume3

Process Name: C:\Windows\System32\svchost.exe

Security intelligence Version: 1.417.359.0

Engine Version: 1.1.24070.3

Product Version: 4.18.24070.5
Windows for business | Windows Client for IT Pros | User experience | Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Sumit 1,746 Reputation points Volunteer Moderator
    2024-08-29T03:58:19.4866667+00:00

    Hi Jesse,

    It seems like controlled folder access stopped SVCHost from making changes to your computer(WS thinks it is a ransomware attack)

    SvcHost is the service host for Windows Processes. You may consider allowing the app if the Malware scan is clean:

    https://support.microsoft.com/en-us/windows/allow-an-app-to-access-controlled-folders-b5b6627a-b008-2ca2-7931-7e51e912b034

    I hope this helps.

    0 comments
  2. Anonymous
    2024-09-04T01:06:14.3366667+00:00

    Hello,

    You can use Windows Task Manager to see if multiple instances of svchost.exe are running. While multiple instances are normal (each hosts a different group of services), unusual activity or resource usage may indicate a problem.

    Meanwhile you could add the app or file to Windows Defender Whitelist to check.

    How to allow blocked file or app on Microsoft Defender Antivirus - Pureinfotech

    Best Regards,

    Hania Lian

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it. 

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.