
Neophyte

Friday, February 10th, 2023 12:33 AM

cmd.exe

I keep getting a notification marking cmd.exe from microsoft corporation as suspicious. What is it and why is it suspicious?

This conversation is no longer open for comments or replies and is no longer visible to community members.

Brand User

Trend Security Expert

8 months ago

Hi @brkewa !

If you're receiving a notification regarding cmd.exe, it could be due to a virus or malware that has disguised itself as the file. This is a common tactic used by cybercriminals to evade detection and infect computers.

However, this doesn't mean that your computer has been compromised. You can easily check the file's information and location to ensure that it's a legitimate cmd.exe file and not a disguised threat. It's a good idea to run a virus scan just to be sure.

For further investigation of this issue, please provide the following details:

Thanks, 

Prodigy

8 months ago

Just send the file cmd.exe to "VirusTotal" for examination

https://www.virustotal.com/gui/home/upload

Brand User

Trend Security Expert

8 months ago

Hi @claudiubotezatu,

We are recommending that our customers directly contact our customer service support on any platform (phones, chats, email, and this community page) to make sure that their confidential information is safe and to further investigate the issue so we can provide a fundamental solution to their concern.

Thank you. 

Prodigy

@tm_gela​ 

Checking a suspected detection on "Virus Total" is a common practice, recommended on all forums. 

Brand User

Trend Security Expert

Hi @claudiubotezatu

Command Prompt or cmd.exe is a legitimate Windows OS Platform/Program. Since there is a detection on a legitimate program where there should be none, we need to check for other factors affecting the detection. We need to check if there is another program that is causing detection on cmd.exe.

Thank you.

Prodigy

@tm_chris​ 

The OP can upload that particular cmd.exe into VirusTotal and that cmd.exe will be analyzed.

Only because its name is "cmd.exe" does not mean it is a legitimate Windows OS Platform program.

This is a basic step in determining if a detection is real or FP.

Brand User

Trend Security Expert

Hi @claudiubotezatu​ 

In some cases legitimate Windows programs have been used for potentially harmful purposes. This might explain why the Trend Micro program prevented the "cmd.exe" application from running. Examining the detection message is crucial to better understand the incident. It is possible that "cmd.exe" is not suspicious and that the Trend Micro program may have blocked its execution because it was being run in an unusual way.

 

You can submit file samples here: False Detection/Re-Classify Requests. The file size limit is 12MB. For file samples larger than 12MB, you can submit a ticket through support, and we will provide a secure link where you can upload the sample.

Thank you.
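
The checks discussed in this thread (file location, publisher signature, a hash for lookup, and what launched cmd.exe), collected into one PowerShell triage script as an added example that is not part of any post above. The variable names are illustrative, and the expected paths assume a standard Windows install.

```powershell
# Added example, not from the thread. Read-only: it changes nothing on the system.
# Locations of the genuine Command Prompt on a standard install (assumption).
$expected = @(
    (Join-Path $env:SystemRoot 'System32\cmd.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\cmd.exe')
)

# 1. Running instances: which file on disk is each one, and what started it?
#    An unusual parent or command line is what "run in an unusual way" looks like.
$report = foreach ($p in Get-CimInstance Win32_Process -Filter "Name = 'cmd.exe'") {
    # The parent may have exited (its PID can even be reused), so treat it as a hint.
    $parent = Get-CimInstance Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Path        = $p.ExecutablePath
        InExpected  = $expected -contains $p.ExecutablePath   # case-insensitive match
        Parent      = if ($parent) { $parent.Name } else { '(exited)' }
        CommandLine = $p.CommandLine
    }
}
$report | Format-List

# 2. Files: the expected copies plus the image path of every running instance.
$paths = @($expected) + @($report.Path) |
    Where-Object { $_ -and (Test-Path $_) } |
    Sort-Object -Unique
$files = foreach ($f in $paths) {
    $sig = Get-AuthenticodeSignature -FilePath $f
    [pscustomobject]@{
        Path       = $f
        InExpected = $expected -contains $f
        SigStatus  = $sig.Status                      # 'Valid' on an untampered file
        SigType    = $sig.SignatureType               # Authenticode or Catalog
        Signer     = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        IsOSBinary = $sig.IsOSBinary
        # The hash can be searched on VirusTotal without uploading the file itself.
        SHA256     = (Get-FileHash -Path $f -Algorithm SHA256).Hash
    }
}
$files | Format-List
```

A row with `InExpected` set to False, or a `SigStatus` other than Valid, points at a file that only shares the name; a clean file with an odd `Parent` or `CommandLine` points at the program that launched it.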
