Nov 04 2022 12:14 PM
I get a lot of Defender notifications like this one, the .tmp.exe name is just slightly different:
ID: 9E6C4E1F-7D60-472F-BA1A-A39EF669E4B2
Detection time: 2022-11-04T17:55:38.821Z
User: NT AUTHORITY\SYSTEM
Path: C:\Windows\Temp\odt875C.tmp.exe
Process Name: C:\Windows\System32\lsass.exe
Target Commandline: C:\Windows\TEMP\odt875C.tmp.exe /configure C:\Windows\TEMP\cfgCD8D.tmp
Parent Commandline:
Involved File:
Inheritance Flags: 0x00000000
Security intelligence Version: 1.377.1295.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2210.4
Is there a standard update process anyone is aware of that triggers from the Windows\Temp directory like this?
Seems like I shouldn't whitelist this behavior, but I also wonder if it's slowing or preventing a security update from running (Google Chrome, Office, Adobe, etc.).
Any thoughts?
Jan 07 2024 12:37 AM
Hi @SPDev60
Exactly the same 5 processes at Windows 11 startup odtXXXC.tmp.exe
So startup is very slow for Windows!