SecurityHealthService.exe

  • File Path: C:\Windows\system32\SecurityHealthService.exe
  • Description: Windows Security Health Service

Hashes

Type Hash
MD5 2D0A83B999007B14E0B812763B989B68
SHA1 B39284C08116706AA87592521EA0453F4E07BE40
SHA256 14798B8C718061BC6BAAFE9B3823E7D8AA387A4EB486A34B629D019482761B51
SHA384 43A99E258D206B0968E25458DE572D1BC08267EBFD9B559B330DACF265B1E7B0E2AFE89FFBA568777DE3E2026544808F
SHA512 6F9318C32817F3C31E3D67B1D9AC8D398FFF237863263944CC9273C6ABE85B6DD9CFDF8413B056D9A7186E61AB1842EF0B1AE7423201630836AB367DA59F93B3
SSDEEP 24576:2oM/Qp28vYnlzAQndfC/jIWvZpAaPouAX:2oARRCbkaPouAX

Runtime Data

Usage (stdout):

Unknown switch.

Signature

  • Status: Signature verified.
  • Serial: 3300000266BD1580EFA75CD6D3000000000266
  • Thumbprint: A4341B9FD50FB9964283220A36A1EF6F6FAA7840
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: SecurityHealthService.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 4.18.1907.16384 (WinBuild.160101.0800)
  • Product Version: 4.18.1907.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

Possible Misuse

The following table contains possible examples of SecurityHealthService.exe being misused. While SecurityHealthService.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source Source File Example License
sigma proc_creation_win_susp_reg_disable_sec_services.yml - '\SecurityHealthService' DRL 1.0

MIT License. Copyright (c) 2020-2021 Strontic.