Help wanted re Sygate Security Alert

  Nosmas 23:59 27 Aug 2005

I am running XP Home - SP2 with MS Updates all up to date. Also running AVG Free and Sygate Personal Firewall - again up to to date.

I have just had a Security alert from Sygate (classified as Information) which reads: -
"Application Hijacking has been detected
The application: C:\WINDOWS\system32\mmc.exe try to launch another application: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe to go to remote host click here"

Can someone please advise me exactly what this means and what action (if any) I might need to take.

  Skills 01:14 28 Aug 2005

mmc.exe is the microsoft mangement console see click here

Helpctr.exe is the help and support centre see click here

It looks to me like the mangement console kicks in and loads up the help and support center which access as help and support centre access the net to "display links to timely help and support information."

To me it doesn't seem to be anything to worry bout.

  Wak 10:38 28 Aug 2005

As suggested by Skills, it will be the Windows system phoning home and Sygate puts this down to a possible hijack.
If you right click the Sygate icon in the systray and look in Applications you will be able find the above files and then change the access to BLOCK.
You will find that lots of programs try to phone home.

  Nosmas 18:07 28 Aug 2005

Many thanks for your response and assurance that there doesn't seem to be anything to worry about. Since Sygate had classified the Security Message as 'Information' and not a 'Warning' (such as when a port scan is detected) I thought it was probably harmless. However the mention of the word 'Hijack' did make me a little doubtful, hence the reason for my posting.

  Nosmas 18:23 28 Aug 2005

Thanks also for your contribution, but looking at the applications on the Sygate list there is no mention of 'mmc.exe' or 'HelpCtr.exe'. I do have a number of applications starting 'C:\Windows\System32\' all of which have 'Ask' in the access column. There are also others that I have set to 'Allow' e.g. AVG (for automatic updates), Outlook Express and MailWasher.

I did not receive any request from 'mmc.exe' to access the Internet and only saw the Security Message when the Sygate icon was flashing to indicate a Security Alert, and this was for a Port Scan alert which had occurred some hours after the time of the Information message. I am not aware of any other programs on my system trying to 'phone home'.

  Wak 20:02 28 Aug 2005

Google shows that mmc.exe and Helpctr.exe are part of the Windows system which are trying to phone home and I have Kernel 32 in C:\ Windows\ System which was forever asking if it can accept an incoming call until it was blocked.
Real Player is another program which constantly tries to phone home for updates unless blocked.
I think if you go into Sygate Options/ General tab you can tick to hide the notification messages which may stop the irritating messages flashing up on screen but will still show them in the flashing icon as you mentioned where you can click to read the actual details.

  Nosmas 20:49 28 Aug 2005

Recently I have had one or two instances of a request to accept an incoming call - so far as I can recall all to do with Microsoft - but I have generally refused to allow them. I note what you say about hiding the notification messages, but as I don't get many (fortunately) I think I will leave it unticked and deal with any messages that come up.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

AMD Radeon Adrenalin release date, new features, compatible graphics cards

Turn a photo into 16-bit pixel art

iMac Pro release date, UK price & specs

Comment suivre le parcours du père Noël ?