{"id":7297,"date":"2023-09-14T04:50:59","date_gmt":"2023-09-14T04:50:59","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=7297"},"modified":"2023-09-14T04:51:01","modified_gmt":"2023-09-14T04:51:01","slug":"applocker-mpsigstub-exe","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/applocker-mpsigstub-exe","title":{"rendered":"AppLocker &#8220;MpSigStub.exe&#8221;"},"content":{"rendered":"\n<p><span style=\"color: rgb(66, 66, 66); font-family: &quot;Public Sans&quot;, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, Roboto, &quot;Helvetica Neue&quot;, Arial, &quot;Noto Sans&quot;, sans-serif, &quot;Apple Color Emoji&quot;, &quot;Segoe UI Emoji&quot;, &quot;Segoe UI Symbol&quot;, &quot;Noto Color Emoji&quot;; white-space-collapse: collapse;\">The Windows anti-malware solution, Windows Defender, which has been installed on every version of Windows since Windows 7, is responsible for protecting the system from malware. 
Windows Defender runs in the context of\u00a0<\/span><em style=\"border-width: 0px; border-color: var(--gray-200); border-image: initial; box-sizing: border-box; --tw-shadow: 0 0 #0000; --tw-ring-inset: var(--tw-empty,\/*!*\/ \/*!*\/); --tw-ring-offset-width: 0px; --tw-ring-offset-color: #fff; --tw-ring-color: rgba(59,130,246,.5); --tw-ring-offset-shadow: 0 0 #0000; --tw-ring-shadow: 0 0 #0000; color: rgb(66, 66, 66); font-family: &quot;Public Sans&quot;, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, Roboto, &quot;Helvetica Neue&quot;, Arial, &quot;Noto Sans&quot;, sans-serif, &quot;Apple Color Emoji&quot;, &quot;Segoe UI Emoji&quot;, &quot;Segoe UI Symbol&quot;, &quot;Noto Color Emoji&quot;; white-space-collapse: collapse;\">NT AUTHORITY\\SYSTEM<\/em><span style=\"color: rgb(66, 66, 66); font-family: &quot;Public Sans&quot;, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, &quot;Segoe UI&quot;, Roboto, &quot;Helvetica Neue&quot;, Arial, &quot;Noto Sans&quot;, sans-serif, &quot;Apple Color Emoji&quot;, &quot;Segoe UI Emoji&quot;, &quot;Segoe UI Symbol&quot;, &quot;Noto Color Emoji&quot;; white-space-collapse: collapse;\">\u00a0and spawns a process named MpSigStub.exe, both of which are used by the Windows Update service.<\/span><\/p>\n\n\n\n<p><\/p>\n\n\n\n<p>You will need to whitelist this .exe in AppLocker so that it is allowed to run.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Windows anti-malware solution, Windows Defender, which has been installed on every version of Windows since Windows 7, is responsible for protecting the system from malware. 
Windows [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7297","post","type-post","status-publish","format-standard","hentry","category-research"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=7297"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7297\/revisions"}],"predecessor-version":[{"id":7298,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/7297\/revisions\/7298"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=7297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=7297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=7297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}