Windows Defender is reporting the services change on sample application

Feb 1, 2009 at 10:50 AM
When I run the sample ProcessMonitor.exe, Windows Defender reports a warning as follows. I didn't look into the usage and documentation for the system service. I remember that it is necessary for querying interfaces. Is this driver a must for process monitoring? It would be better for EasyHook not to introduce this kind of warning report.


Summary:
Services and Drivers change occurred.

This agent monitors services and drivers acting as part of Windows, often running with high security privileges. It ensures that no services are being interfered with or added without proper consent.

Path:
C:\Downloads\EasyHook 2.5 Beta Binaries\EasyHook32Svc.exe

Detected changes:
process:
pid:5096

service:
EasyHook32Svc

file:
C:\Downloads\EasyHook 2.5 Beta Binaries\EasyHook32Svc.exe

Advice:
Permit this detected item only if you trust the program or the software publisher.

Publisher:
Microsoft

Digitally Signed By:
NOT SIGNED

Product name:
EasyHookSvc

Description:
EasyHookSvc

Original name:
EasyHookSvc.exe

Creation date:
2/1/2009 7:41 AM

Size:
20480 bytes

Version:
1.0.0.0

Type:
application

Checkpoint:
Services

Category:
Not Yet Classified


Coordinator
Feb 1, 2009 at 4:02 PM
This is not a driver, it is a service.

Without a service you won't be able to hook anything since Windows Vista...

Just sign it with Authenticode before deploying it to your customers...