B
Neophyte

Neophyte

 • 

1 Message

 • 

100 Points

Friday, February 10th, 2023 12:33 AM

Closed

New

cmd.exe

I keep getting a notification marking cmd.exe from microsoft corporation as suspicious. What is it and why is it suspicious?

This conversation is no longer open for comments or replies and is no longer visible to community members.

Brand User

Trend Security Expert

 • 

51 Messages

 • 

1.1K Points

1 year ago

Hi @brkewa !

If you're receiving a notification regarding cmd.exe, it could be due to a virus or malware that has disguised itself as the file. This is a common tactic used by cybercriminals to evade detection and infect computers.

However, this doesn't mean that your computer has been compromised. You can easily check the file's information and location to ensure that it's a legitimate cmd.exe file and not a disguised threat. It's a good idea to run a virus scan just to be sure.

For further investigation of this issue, please provide the following details:

Thanks, 

 Superstar

 • 

306 Messages

 • 

7.5K Points

1 year ago

Just send the file cmd.exe to "VirusTotal" for examination

https://www.virustotal.com/gui/home/upload

Brand User

Trend Security Expert

 • 

76 Messages

 • 

1.7K Points

1 year ago

Hi @claudiubotezatu,

We are recommending that our customers directly contact our customer service support on any platform (phones, chats, email, and this community page) to make sure that their confidential information is safe and to further investigate the issue so we can provide a fundamental solution to their concern.

Thank you. 

 Superstar

 • 

306 Messages

 • 

7.5K Points

@tm_gela​ 

Checking a suspected detection on "Virus Total" is a common practice, recommended on all forums. 

Brand User

Trend Security Expert

 • 

131 Messages

 • 

2.7K Points

hi @claudiubotezatu 

Command Prompt or cmd.exe is a legitimate Windows OS Platform/Program. Since there is a detection on a legitimate program which there should be none, we need to check for other factors affecting the detection. We need to check if there is a another program that is causing detection on cmd.exe

Thanks you.

 Superstar

 • 

306 Messages

 • 

7.5K Points

@tm_chris​ 

The OP can upload that particular cmd.exe into VirusTotal and that cmd.exe will be analyzed.

Only because its name is "cmd.exe" does not mean is a legitime Windows OS Platform program.

This is a basic step in determining if a detection is real or FP.

(edited)

Brand User

Trend Security Expert

 • 

122 Messages

 • 

2.5K Points

Hi @claudiubotezatu​ 

In some cases legitimate Windows programs have been used for potentially harmful purposes. This might explain why the Trend Micro program prevented the "cmd.exe" application from running. Examining the detection message is crucial to better understand the incident. It is possible that "cmd.exe" is not suspicious and that the Trend Micro program may have blocked its execution because it was being run in an unusual way.

 

You can submit file samples here False Detection/Re-Classify Requests. The files size limit is 12MB. For file samples larger than 12MB, you can submit a ticket thru support, and we will provide a secure link where you can upload the sample.

Thank you.

Need Help?

Ask the Community

Latest Tech Insights

Loading...