SecurityHealthService.exe

  • File Path: C:\Windows\system32\SecurityHealthService.exe
  • Description: Windows Security Health Service

Hashes

Type Hash
MD5 291F9B01E345C70EF390EDE08CDACCEE
SHA1 7D53C837765D0933F15ACE39E09DE21ED7C62809
SHA256 DA04FB5CF7E65D7EA011362E8BFEC80BFF7F02C3B70B351FDD9C4C33AC124B04
SHA384 A35015B75C661A41C360CC26B7A81098C138C4863A347C74A75BF5387C0EF8D612225261D430FA20CAE59CD40F58EFB9
SHA512 D70F4F3A28A6F7F2AA78204B488936C1C84F56314B4AF9AE86624C0682B1166CBC77F92C61854BA2842918D0700738803A43E3472122948D8954BB84E7FCA982
SSDEEP 24576:cBv2jD5d6Ymqgo4x4jckE/U7szfzLAa4oumpzR:c4XpckEP4a4oumpzR

Runtime Data

Usage (stdout):

Unknown switch.

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SecurityHealthService.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 4.18.1907.16384 (WinBuild.160101.0800)
  • Product Version: 4.18.1907.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of SecurityHealthService.exe being misused. While SecurityHealthService.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_reg_disable_sec_services.yml - '\SecurityHealthService' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.