Question event viewer oddity? please assist

w1418826

I was hoping others could take a look at the following, which piqued my curiosity:

Provider "FileSystem" is Started.

Details:
ProviderName=FileSystem
NewProviderState=Started

SequenceNumber=7

HostName=ConsoleHost
HostVersion=5.1.17763.316
HostId=7861b665-9337-4805-b849-a5091c50c594

HostApplication=C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe Set-MpPreference -DisableBehaviorMonitoring $true ; Set-MpPreference -MAPSReporting 0 ; Set-MpPreference -ExclusionProcess rundll32.exe ; Set-MpPreference -ExclusionExtension dll

EngineVersion=
RunspaceId=
PipelineId=
CommandName=
CommandType=
ScriptName=
CommandPath=
CommandLine=

Now, I have a lot of events popping up similar to this (over 200 entries going back to February) for PowerShell in Event Viewer, with provider name Alias popping up and junk. The host application here looked suspect to me, though.

Also, while following one of the folder paths I found a profile for the internet I didn't make, with a file extension that was for encoded files. Once I took that file's permissions away, I just tried to run a speed test for the internet and it showed me connected to VPS servers in Hayward, CA, which is the correct state, but I am in Sacramento, 2 or 3 hours away from that city.

Thoughts??
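
Added example, not part of the original post or thread: a small Python check that pulls HostApplication out of exported event text like the one above and reports the Set-MpPreference arguments that switch off Defender features or add exclusions. The function names and the WEAKENING table are hypothetical, and the sample is this thread's event embedded as constructed input.

```python
import re

# Set-MpPreference parameters seen in the event above, with the test that
# decides whether the supplied value weakens Microsoft Defender.
WEAKENING = {
    "disablebehaviormonitoring": lambda v: v.lower() in ("$true", "true", "1"),
    "mapsreporting": lambda v: v.lower() in ("0", "disabled"),
    "exclusionprocess": lambda v: True,    # any new exclusion is worth review
    "exclusionextension": lambda v: True,
}

# Constructed sample: the event text from this thread, with HostApplication
# wrapped across lines the way a copied event often is.
SAMPLE_EVENT = r"""Provider "FileSystem" is Started.
ProviderName=FileSystem
HostApplication=C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe Set-MpPreference -
DisableBehaviorMonitoring $true ; Set-MpPreference -MAPSReporting 0 ; Set-MpPreference -ExclusionProcess
rundll32.exe ; Set-MpPreference -ExclusionExtension dll

EngineVersion=
"""

def host_application(event_text):
    """Return the HostApplication value, rejoining lines wrapped by copy/paste."""
    parts, capturing = [], False
    for line in (l.strip() for l in event_text.splitlines()):
        if line.startswith("HostApplication="):
            parts, capturing = [line.split("=", 1)[1]], True
        elif capturing:
            if not line or re.match(r"\w+=", line):
                break  # blank line or next Key= field ends the value
            parts.append(line)
    # A wrap right after "-" leaves "- Name"; glue the parameter back together.
    return re.sub(r"-\s+(?=[A-Za-z])", "-", " ".join(parts))

def defender_tampering(event_text):
    """List (parameter, value) pairs that weaken Defender in HostApplication."""
    findings = []
    for stmt in host_application(event_text).split(";"):
        if not re.search(r"\bSet-MpPreference\b", stmt, re.I):
            continue
        # (?<!\S) keeps the hyphen inside "Set-MpPreference" from matching.
        for name, value in re.findall(r"(?<!\S)-(\w+)\s+(\S+)", stmt):
            check = WEAKENING.get(name.lower())
            if check and check(value):
                findings.append((name, value))
    return findings

if __name__ == "__main__":
    print(defender_tampering(SAMPLE_EVENT))
```

Run over every exported PowerShell event, a non-empty result marks the entries whose launching command line changed Defender settings, which separates them from the routine provider-start noise.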
 

Ketchup79

My speed test connects to a state to the north of where I am. Does that mean something is wrong? No. And yes, Windows 10 has PowerShell by default. It will start every time you start Windows.

Are you actually having any problems?
 

w1418826

My issue wasn't really the location; it was the fact it was connected to the virtual private server, which doesn't seem normal.

The reason I was concerned about the PowerShell event is because it said behavior monitoring, which, yes, I have had strange things happen in the past that makes this seem like a phrase to draw alarm.
 
