winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License

The service mpksldrv has been created, then deleted: why? #561

Closed WiliTest closed 4 years ago

WiliTest commented 4 years ago

Why did Process Hacker create this service?

dmex commented 4 years ago

Process Hacker shows alerts about services created and deleted by Windows and other programs. It doesn't create or delete anything unless you're actually doing it yourself.

You can disable these alerts using the View > Tray icons > Notifications menu 👍

eried commented 4 years ago

@WiliTest What was that service doing? I had the same notification in a VM.

dmex commented 4 years ago

@eried

mpksldrv is used by Windows Defender for definition updates.

eried commented 4 years ago

Oh! Thanks!

Fisheiyy commented 3 years ago

This pops up for me randomly, but it doesn't just say MpKslDrv; it has a bunch of numbers.

dmex commented 3 years ago

@Fisheiyy

Windows Defender uses a random service name when updating the antimalware definitions. If it were using a fixed static name then it would be deleted/blocked by malware and would not be able to update.

mooleshacat commented 1 year ago

> You can disable these alerts using the View > Tray icons > Notifications menu 👍

Option does not exist in PH 2.39.124

Vasilich commented 1 year ago

> Option does not exist in PH 2.39.124

  1. It has existed at least in tray icon right click - notifications.
  2. We are in the SystemInformer repo, so who cares about the abandoned Process Hacker?