Microsoft Defender Exploit Guard - C:\Windows\Temp\odt875C.tmp.exe


I get a lot of Defender notifications like this one; the .tmp.exe name is just slightly different:

ID: 9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2

Detection time: 2022-11-04T17:55:38.821Z

User: NT AUTHORITY\SYSTEM

Path: C:\Windows\Temp\odt875C.tmp.exe

Process Name: C:\Windows\System32\lsass.exe

Target Commandline: C:\Windows\TEMP\odt875C.tmp.exe /configure C:\Windows\TEMP\cfgCD8D.tmp

Parent Commandline:

Involved File:

Inheritance Flags: 0x00000000

Security intelligence Version: 1.377.1295.0

Engine Version: 1.1.19700.3

Product Version: 4.18.2210.4

 

Is there a standard update process anyone is aware of that triggers from the Windows\Temp directory like this?

Seems like I shouldn't whitelist this behavior, but I also wonder if it's slowing or preventing a security update from running (Google Chrome, Office, Adobe, etc.).

 

Any thoughts?

1 Reply

Hi @SPDev60 

 

Exactly the same 5 processes at Windows 11 startup: odtXXXC.tmp.exe

So startup is very slow for Windows!