Kaspersky
Solved

Suspicious activity has been blocked: Read memory of other process. But they are Windows process: WMI Host and Gaming Services. False positive?

  • 15 September 2019
  • 1 reply
  • 203 views

Badge


Suspicious activity has been blocked: Read memory of other process.

But they are Windows process: WMI Host and Gaming Services.
icon

Best answer by FLOOD 15 September 2019, 03:38

Suspicious activity has been blocked: Read memory of other process.But they are Windows process: WMI Host and Gaming Services.
Hello @FabioQuadros,
Welcome!
  • Was a "Protected" browser, & or SafeMoney browser active at the time the events were logged?
--
Kaspersky application logs "Suspicious action was blocked" events, for normal system processes when SafeMoney/Protected browser is active.

According to the Kaspersky Lab Technical Experts, this "known" issue, is not an issue, it is "by design"...

(imo), this specific event should be documented, many folks have been concerned upon finding it in the Kaspersky application reports (see my attached report)


15.09.2019 11.21.36 Suspicious action was blocked WMI Provider Host Action: Read memory from other processes Application: WMI Provider Host Application path: C:\Windows\System32\wbem\WmiPrvSE.exe Time: 15/09/2019 11:21 AM
---
  • To check/test, clear Kaspersky application reports, open a Protected/SafeMoney browser, recheck reports.
If "Suspicious action was blocked" events are logged, outside of the above parameters, please post back?
Thank you🙏🏽.
View original

1 reply

Userlevel 7
Badge +5
Suspicious activity has been blocked: Read memory of other process.But they are Windows process: WMI Host and Gaming Services.
Hello @FabioQuadros,
Welcome!
  • Was a "Protected" browser, & or SafeMoney browser active at the time the events were logged?
--
Kaspersky application logs "Suspicious action was blocked" events, for normal system processes when SafeMoney/Protected browser is active.

According to the Kaspersky Lab Technical Experts, this "known" issue, is not an issue, it is "by design"...

(imo), this specific event should be documented, many folks have been concerned upon finding it in the Kaspersky application reports (see my attached report)


15.09.2019 11.21.36 Suspicious action was blocked WMI Provider Host Action: Read memory from other processes Application: WMI Provider Host Application path: C:\Windows\System32\wbem\WmiPrvSE.exe Time: 15/09/2019 11:21 AM
---
  • To check/test, clear Kaspersky application reports, open a Protected/SafeMoney browser, recheck reports.
If "Suspicious action was blocked" events are logged, outside of the above parameters, please post back?
Thank you🙏🏽.

Reply / Ответить