HIPS/ProcMod-003

Category	Suspicious behavior and files
Type	Suspicious behavior
What's been detected	Runtime behavior alerts of this type inform the user that Internet Explorer has attempted to start another process within its cache. Any unexpected attempt at this behavior could indicate a malware infection. Please note that unauthorised downloads can result in the installation of unlicenced software. Sophos recommends investigating HIPS/ProcMod-003 reports in order to control the software being installed on corporate networks.
What to do	If you've received an alert, a detected file is likely to be malicious, but it's up to you to choose whether to trust the file or take other action.

Summary

Summary
Action
More Information


Affected operating systems	Windows
Detected by	Sophos Anti-Virus for Windows, version 7

Action

Summary
Action
More Information

Your options

If you've received an alert, then you have 2 options:

authorize the file
send the file to the lab for analysis

Authorize the file if it's from a trusted source.

Send it to the lab for analysis if:

you trust the file, but it generates alerts.
you don't trust the file

To reduce the chance of unwanted detections, Sophos HIPS should be set to 'Alert only' mode for the duration of any software installations.

Sending a file to the lab?

When you complete the sample submission form, please give a reason for your submission and mention this "HIPS/" detection.

More Information

Summary
Action
More Information

Runtime behavior alerts of this type inform the user that Internet Explorer has attempted to start another process within its cache. Any unexpected attempt at this behavior could indicate a malware infection.

Please note that unauthorised downloads can result in the installation of unlicenced software. Sophos recommends investigating HIPS/ProcMod-003 reports in order to control the software being installed on corporate networks.

Get reports about the latest suspicious behavior and file detections delivered to your computer