This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 88%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVC%3C/text%3E%3C/svg%3E)
Hello All,
we are recently and new received alert which says
Malware file path: behavior:_pid:9788:82135149762278;process:_pid:9788,ProcessStart:132827932413398196
Malware file path: behavior:_pid:2168:82135149762278;process:_pid:2168,ProcessStart:132827932457743054
Malware file path: behavior:_pid:13064:82135149762278;process:_pid:13064,ProcessStart:132827932519552401
..
,
,
,
,
so on...count less.
can anyone know why this alert generated and how to solve this, is this a realy malware alert ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(89.60000000000001, 81%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
Where do you see these messages?
we have configured Defender ATP and we received the alert with the PID and process start almost 500+ alerts as a ticket.
when i check in the machine from where the alert came from is c\window\splwow64.exe
i have again received malware behaviour alert , the definition showing as 1.353.1952.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 13%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECK%3C/text%3E%3C/svg%3E)
This is the bug appeared after the “Defender” was updated to version 1.353.1874.0. Thus, Microsoft Defender blocks the opening of files and issues a warning about suspicious activity related to Win32/PowEmotet.SB or Win32/PowEmotet.SC. Some administrators were unable to open Excel documents and cited the upgrade to version 1.353.1874.0 as the reason:
FIx is to update the machines latest Definition 1.353.1874.1888.
we have again received malware behaviour alert on2nd december, the definition showing as 1.353.1952.0.
i have attached the screenshot for the infected file path
