Process Ancestry Validation

Is this process ancestry legitimate for TeamViewer?

Process Ancestry: wininit.exe -> services.exe -> TeamViewer_Service.exe -> TeamViewer.exe-> mshta.exe

Thanks!

Find more posts tagged with

Question

Accepted answers

JeanK

Hello @SecurityGiraffe,

Thank you for your message. ?

Yes, this is a false positive and a safe file. ?

HTA is an (old) HTML-based application technology supported only by Internet Explorer
– https://en.wikipedia.org/wiki/HTML_Application

The behaviour might seem suspicious to the antivirus because the TeamViewer executable generates a temporary .hta file and launches it with the Windows built-in mshta.exe runner, which runs it as a trusted application.

I hope this could help. ?

Best regards

Jean

All comments

JeanK

@SecurityGiraffe very glad we could help! ?

Hope to see you soon posting in the Community. ?

Best regards

Jean

SecurityGiraffe

That's very helpful, thank you so much!

JeanK

Hello @SecurityGiraffe,

Thank you for your message. ?

Yes, this is a false positive and a safe file. ?

HTA is an (old) HTML-based application technology supported only by Internet Explorer
– https://en.wikipedia.org/wiki/HTML_Application

I hope this could help. ?

Best regards

Jean

TeamViewer Rise: The event for IT experts
Have you heard?! On October 21, we’re hosting TeamViewer Rise—and we want to see you there! The digital event dedicated to IT experts. Join us to hear industry leaders as they share demos, roadmaps, and real-world strategies for delivering better IT. Take part in our first annual event for Proven, ready-to-deploy…