mgajda83 / PSWindowsUpdate

This module contains cmdlets to manage the Windows Update Client.
MIT License

Security issue - Why is pswindowsupdate.dll process consistently running in background? #44

Open sniperdoc opened 1 week ago

sniperdoc commented 1 week ago

It appears to be periodically running. I thought this was a manual tool for sysadmins to use? Not something that runs periodically in the background.

Policy Matched: Default - Servers
Organization Name: xxxxxxx
Hostname: xxxxxxxx
Username: xxxxxxxxxx
Full Path: c:\program files\windowspowershell\modules\pswindowsupdate\2.2.1.5\pswindowsupdate.dll
Process Path: c:\windows\system32\windowspowershell\v1.0\powershell.exe
Created By Process: ["c:\windows\system32\windowspowershell\v1.0\powershell.exe"]
Hash: E5E1F9C5C90835B4781BCA3C885A929A
SHA256Hash: A82AD86FB4C59748F474151BCA43EADABA86A64DF252DED768FCF6219E2B8A6A
Certificate: cn=powerclouds michal gajda, o=powerclouds michal gajda, l=warszawa, c=pl
Action Type: execute
Effective Action: Denied

sniperdoc commented 1 week ago

Seems system\perflog is triggering it when we're running performance monitors. Don't understand why.

jzavcer commented 1 week ago

Are you sure there isn't some kind of scheduled task running on the system or a remote Ansible job that might be doing a check-in process?
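PSWindowsUpdate 2.x is a binary module, so pswindowsupdate.dll is loaded into whatever powershell.exe session imports the module; the question in this thread is therefore which session does the import. The following investigation script is an added example (not part of the PSWindowsUpdate project or this issue) that checks the three usual sources: scheduled tasks that launch PowerShell with the module's cmdlets, PowerShell profiles that import it at every startup (which would explain a launch triggered by an unrelated process such as a performance monitor), and recent pipeline events in the PowerShell operational log. The variable names and the 7-day window are this example's own choices; step 3 only returns data if Module Logging is enabled.

```powershell
# Added investigation script (not from the PSWindowsUpdate project or this issue).
# Run as Administrator so all scheduled tasks and profile paths are readable.
$cmdletPattern = 'PSWindowsUpdate|Get-WindowsUpdate|Install-WindowsUpdate|Get-WUList'

# 1. Scheduled tasks whose actions start PowerShell and reference the module or its cmdlets.
$tasks = Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match 'powershell|pwsh' -and $cmd -match $cmdletPattern) {
            [pscustomobject]@{
                Source = 'ScheduledTask'
                Name   = "$($task.TaskPath)$($task.TaskName)"
                Author = $task.Author
                Detail = $cmd
            }
        }
    }
}

# 2. Profiles that import the module on startup. These run for every powershell.exe
#    launch, including sessions spawned by other services, so a hit here explains
#    the DLL appearing under a process that has nothing to do with Windows Update.
$profilePaths = @(
    "$env:WINDIR\System32\WindowsPowerShell\v1.0\profile.ps1",
    "$env:WINDIR\System32\WindowsPowerShell\v1.0\Microsoft.PowerShell_profile.ps1"
) + @(Get-ChildItem 'C:\Users\*\Documents\WindowsPowerShell\*.ps1' -ErrorAction SilentlyContinue).FullName
$profiles = foreach ($p in $profilePaths) {
    if ($p -and (Test-Path $p)) {
        $hit = Select-String -Path $p -Pattern $cmdletPattern | Select-Object -First 1
        if ($hit) {
            [pscustomobject]@{ Source = 'Profile'; Name = $p; Author = ''; Detail = $hit.Line.Trim() }
        }
    }
}

# 3. Pipeline-execution events (ID 4103, needs Module Logging) from the last 7 days
#    that mention the module; the event message names the host process and command.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4103; StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $cmdletPattern } |
    Select-Object -First 20 TimeCreated,
        @{ n = 'Source'; e = { 'EventLog' } },
        @{ n = 'Detail'; e = { ($_.Message -split "`n")[0].Trim() } }

# Everything that explains a PSWindowsUpdate import ends up in one list.
@($tasks) + @($profiles) + @($events) | Format-Table -AutoSize -Wrap
```

If all three lists come back empty, the remaining candidates are remote sessions (WinRM/Ansible) that import the module on the fly; those show up in the same 4103 events once Module Logging is turned on.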