windows update replaced conhost.exe but the file is not included in the update binaryHow do you find what process is holding a file open in Windows?Windows Server 2008 doesn't respond after Windows updateWindows Server 2008 R2 SP1 using WSUS does not apply patchAll of the NTFS hard links disappear, where are those 0KB hardlinks stored on disk and how to recover them?What does DISM Return Code 0x800F081E mean when installing WMF 4.0 on Windows 7 machines? (online)Windows Update 800F0922Install windows update KB 2919355Install of IIS role and Windows Update both failDetermine which Windows Update KB package a specific OS file belongs to?Server 2016 Updates failing to install
Boss wants me to falsify a report. How should I document this unethical demand?
Why is this Simple Puzzle impossible to solve?
Integrating an absolute function using Mathematica
Infinite Sequence based on Simple Rule
Is there a benefit to having both truesight and darkvision?
Why does the 'metric Lagrangian' approach appear to fail in Newtonian mechanics?
How to capture more stars?
How strong are Wi-Fi signals?
How can people dance around bonfires on Lag Lo'Omer - it's darchei emori?
Forward and backward integration -- cause of errors
How were these pictures of spacecraft wind tunnel testing taken?
Ticket sales for Queen at the Live Aid
Is it ok to put a subplot to a story that is never meant to contribute to the development of the main plot?
If a person had control of every single cell of their body, would they be able to transform into another creature?
Under what law can the U.S. arrest International Criminal Court (ICC) judges over war crimes probe?
Array Stutter Implementation
Binary Search in C++17
Why do airplanes use an axial flow jet engine instead of a more compact centrifugal jet engine?
What is the object moving across the ceiling in this stock footage?
What is the difference between nullifying your vote and not going to vote at all?
Employer asking for online access to bank account - Is this a scam?
Rename photos to match video titles
Is there a way to make it so the cursor is included when I prtscr key?
Crossing US border with music files I'm legally allowed to possess
windows update replaced conhost.exe but the file is not included in the update binary
How do you find what process is holding a file open in Windows?Windows Server 2008 doesn't respond after Windows updateWindows Server 2008 R2 SP1 using WSUS does not apply patchAll of the NTFS hard links disappear, where are those 0KB hardlinks stored on disk and how to recover them?What does DISM Return Code 0x800F081E mean when installing WMF 4.0 on Windows 7 machines? (online)Windows Update 800F0922Install windows update KB 2919355Install of IIS role and Windows Update both failDetermine which Windows Update KB package a specific OS file belongs to?Server 2016 Updates failing to install
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
We‘re performing file security analysis based on the source (where files are coming from).
A Windows 10 update installs a new conhost.exe but we cannot find out where the file is coming from. It doesn't seem to be in the .cab file of the update.
This is what we did:
- install windows 10 1809 v2
(c:windowssystem32conhost.exe md5 is4c41666923a14dc687deee3b143afb55) - let Windows install update
kb4501835(windows10.0-kb4501835-x64_a8a91185c1cf9b9fefa6e9e07fc3d74c45fb2fee) - After finishing the installation of this update and rebooting, c:windowssystem32conhost.exe md5 hash is
c221707e5ce93515ac87507e19181e2a
Where‘s that conhost.exe coming from?
Windows 10 update history just says that it installed the Update kb4501835. So we manually downloaded kb4501835-x64 from here, expanded it to a temp dir, expanded the resulting file Windows10.0-KB4501835-x64_PSFX.cab to another temp dir. (commands used: c:WindowsSystem32expand.exe -R %FILE% -F:* 1)
In this tmp directory, we found two conhost.exe with md5 d810493b38380e30855f1e9e7d395000 and ebf996ce7169609d9b892b5a79297611
So neither of the two conhost.exes in the kb4501835-x64 has the md5 c221707e5ce93515ac87507e19181e2a
Question:
Where is that new conhost.exe coming from if it‘s not in the update .CAB? We can verify the .cat based signature with signtool, so yes, it‘s apparently from Microsoft and signed and everything is alright, but we need to know the origin of files that are replaced on disk.
Any hint?
windows windows-update
asked May 14 at 13:19
user208383user208383
31114
add a comment |
We‘re performing file security analysis based on the source (where files are coming from).
A Windows 10 update installs a new conhost.exe but we cannot find out where the file is coming from. It doesn't seem to be in the .cab file of the update.
This is what we did:
- install windows 10 1809 v2
(c:windowssystem32conhost.exe md5 is4c41666923a14dc687deee3b143afb55) - let Windows install update
kb4501835(windows10.0-kb4501835-x64_a8a91185c1cf9b9fefa6e9e07fc3d74c45fb2fee) - After finishing the installation of this update and rebooting, c:windowssystem32conhost.exe md5 hash is
c221707e5ce93515ac87507e19181e2a
Where‘s that conhost.exe coming from?
Windows 10 update history just says that it installed the Update kb4501835. So we manually downloaded kb4501835-x64 from here, expanded it to a temp dir, expanded the resulting file Windows10.0-KB4501835-x64_PSFX.cab to another temp dir. (commands used: c:WindowsSystem32expand.exe -R %FILE% -F:* 1)
In this tmp directory, we found two conhost.exe with md5 d810493b38380e30855f1e9e7d395000 and ebf996ce7169609d9b892b5a79297611
So neither of the two conhost.exes in the kb4501835-x64 has the md5 c221707e5ce93515ac87507e19181e2a
Question:
Where is that new conhost.exe coming from if it‘s not in the update .CAB? We can verify the .cat based signature with signtool, so yes, it‘s apparently from Microsoft and signed and everything is alright, but we need to know the origin of files that are replaced on disk.
Any hint?
windows windows-update
asked May 14 at 13:19
user208383user208383
31114
add a comment |
We‘re performing file security analysis based on the source (where files are coming from).
A Windows 10 update installs a new conhost.exe but we cannot find out where the file is coming from. It doesn't seem to be in the .cab file of the update.
This is what we did:
- install windows 10 1809 v2
(c:windowssystem32conhost.exe md5 is4c41666923a14dc687deee3b143afb55) - let Windows install update
kb4501835(windows10.0-kb4501835-x64_a8a91185c1cf9b9fefa6e9e07fc3d74c45fb2fee) - After finishing the installation of this update and rebooting, c:windowssystem32conhost.exe md5 hash is
c221707e5ce93515ac87507e19181e2a
Where‘s that conhost.exe coming from?
Windows 10 update history just says that it installed the Update kb4501835. So we manually downloaded kb4501835-x64 from here, expanded it to a temp dir, expanded the resulting file Windows10.0-KB4501835-x64_PSFX.cab to another temp dir. (commands used: c:WindowsSystem32expand.exe -R %FILE% -F:* 1)
In this tmp directory, we found two conhost.exe with md5 d810493b38380e30855f1e9e7d395000 and ebf996ce7169609d9b892b5a79297611
So neither of the two conhost.exes in the kb4501835-x64 has the md5 c221707e5ce93515ac87507e19181e2a
Question:
Where is that new conhost.exe coming from if it‘s not in the update .CAB? We can verify the .cat based signature with signtool, so yes, it‘s apparently from Microsoft and signed and everything is alright, but we need to know the origin of files that are replaced on disk.
Any hint?
windows windows-update
asked May 14 at 13:19
user208383user208383
31114
We‘re performing file security analysis based on the source (where files are coming from).
A Windows 10 update installs a new conhost.exe but we cannot find out where the file is coming from. It doesn't seem to be in the .cab file of the update.
This is what we did:
- install windows 10 1809 v2
(c:windowssystem32conhost.exe md5 is4c41666923a14dc687deee3b143afb55) - let Windows install update
kb4501835(windows10.0-kb4501835-x64_a8a91185c1cf9b9fefa6e9e07fc3d74c45fb2fee) - After finishing the installation of this update and rebooting, c:windowssystem32conhost.exe md5 hash is
c221707e5ce93515ac87507e19181e2a
Where‘s that conhost.exe coming from?
Windows 10 update history just says that it installed the Update kb4501835. So we manually downloaded kb4501835-x64 from here, expanded it to a temp dir, expanded the resulting file Windows10.0-KB4501835-x64_PSFX.cab to another temp dir. (commands used: c:WindowsSystem32expand.exe -R %FILE% -F:* 1)
In this tmp directory, we found two conhost.exe with md5 d810493b38380e30855f1e9e7d395000 and ebf996ce7169609d9b892b5a79297611
So neither of the two conhost.exes in the kb4501835-x64 has the md5 c221707e5ce93515ac87507e19181e2a
Question:
Where is that new conhost.exe coming from if it‘s not in the update .CAB? We can verify the .cat based signature with signtool, so yes, it‘s apparently from Microsoft and signed and everything is alright, but we need to know the origin of files that are replaced on disk.
Any hint?
windows windows-update
windows windows-update
asked May 14 at 13:19
user208383user208383
31114
asked May 14 at 13:19
user208383user208383
31114
asked May 14 at 13:19
user208383user208383
31114
asked May 14 at 13:19
user208383user208383
31114
asked May 14 at 13:19
user208383user208383
31114
31114
add a comment |
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f967209%2fwindows-update-replaced-conhost-exe-but-the-file-is-not-included-in-the-update-b%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f967209%2fwindows-update-replaced-conhost-exe-but-the-file-is-not-included-in-the-update-b%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
