Process Ancestry Validation

SecurityGiraffe · May 2020

Is this process ancestry legitimate for TeamViewer?

Process Ancestry: wininit.exe -> services.exe -> TeamViewer_Service.exe -> TeamViewer.exe-> mshta.exe

Thanks!

JeanK · June 2020

Hello @SecurityGiraffe,

Thank you for your message. ?

Yes, this is a false positive and a safe file. ?

HTA is an (old) HTML-based application technology supported only by Internet Explorer
– https://en.wikipedia.org/wiki/HTML_Application

The behaviour might seem suspicious to the antivirus because the TeamViewer executable generates a temporary .hta file and launches it with the Windows built-in mshta.exe runner, which runs it as a trusted application.

I hope this could help. ?

Best regards

Jean

JeanK · June 2020

Hello @SecurityGiraffe,

Thank you for your message. ?

Yes, this is a false positive and a safe file. ?

HTA is an (old) HTML-based application technology supported only by Internet Explorer
– https://en.wikipedia.org/wiki/HTML_Application

The behaviour might seem suspicious to the antivirus because the TeamViewer executable generates a temporary .hta file and launches it with the Windows built-in mshta.exe runner, which runs it as a trusted application.

I hope this could help. ?

Best regards

Jean

SecurityGiraffe · June 2020

That's very helpful, thank you so much!

JeanK · June 2020

@SecurityGiraffe very glad we could help! ?

Hope to see you soon posting in the Community. ?

Best regards

Jean

Process Ancestry Validation

Best Answer

Answers

Categories

This Week's Leaders