Ransomware: Windows Host Process, MsMpEng.exe

Question

Dear All,

Recently, my TrendMicro said that there was a ransomware on Windows Host Process, the program location is "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2104.14-0\MsMpEng.exe", the target location is "c:\windows\system32\svchost.exe".

I have ran the virus scanning, however, still do not know which file is a malware.

Do you have same problem? I don't know how could I clean it or stop it.

Answer 1

Hi,
The Antimalware Service Executable process (also known as MsMpEng.exe) plays an integral role in Windows Defender service. The process is responsible for allowing Windows Defender to monitor potential threats. I wonder if there is a conflict between Windows Defender and your security software. Update the Windows Defender to latest version or disable Windows Defender real-time feature.
Hope this helps and please help to accept as Answer if the response is useful.
Best Regards,
Carl

Answer 2

Thanks Carl.

The server is running Windows Server 2016. There is about 20 servers are using Windows Server 2016, however, only 1 server get this issue, therefore, I am wonder it is a true ransom or not. However, I am lack of information about it...