msmpeng.exe creating sethc.exe & utilman.exe

Matthew 1 Reputation point
2021-10-12T16:14:44.527+00:00

I am running endpoint protection and getting alerts for msmpeng.exe creating sethc.exe and utilman.exe. Windows defender is turned off due to a separate antivirus. Is there any legitimate reason this would happen?
139889-msmpeng.png

Windows for business | Windows Server | User experience | Other
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,926 Reputation points
    2021-10-13T08:50:29.793+00:00

    Hello Matthew,

    You are possibly right. A simple hack for resetting a Windows 10 password by abusing tools such as Ultiman.exe, StickyKeys, or DisplaySwitch.exe has existed for some time. Microsoft recently prevented these Windows modifications with Windows Defender. There is no other proof that other security software are protecting against this "hijack" of Windows services.


    --If the reply is helpful, please Upvote and Accept as answer--


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.