Posted August 29, 2008

*Security Issue? with Windows Audio Endpoint Builder*

Hello. I was tracking down why my *svhost.exe* (used for internet & network Connections) was being used to access a whole bunch of Picture files in one of my folders. Files that were not being used by any other program or service at the time (not even the File Manager). It was running _under_LocalSystemNetworkRestricted_mode_ and I tracked the PID to the "'-Windows Audio Endpoint builder-' (http://tinyurl.com/6nbez6)" Service.

I used the resource monitor to see that the WAEB was accessing numerous files in various folders. _What_stood_out_was_my_personal_pictures_it_was_accessing_. I looked the service up and in no way is it dependent on or is depended on by any system except AUDIO on the computer. However, according to a company that deals in computer security (and Microsoft), it is a service launched by the legitimate 'C:\Windows\System32\svchost.exe' program. The actual executable file for the Windows Audio Endpoint Builder service is 'C:\Windows\System32\audiosrv.dll'. Now this 'service' was reading my picture (JPG) files in the Public folder that has no system files in it.

*Can anyone explain why an Audio Support DLL is interested in my Pictures?* As well as other files.

I saw mention of this service having something to do with the System Indexing Service as well in my search results when trying to find information. If it is related to indexing then why is it interested in NON-AUDIO files at all? If the indexer uses 'Associated With' executables to 'read' files for indexing then it should be using an audio processor to deal with audio files and an image processor for pictures, etc -- right?

My concern is that it is being used as a backdoor or such to _grab_files_for_a_third_party_. Though I cannot find that this file sends data beyond my machine, it may process it for another program which would. As yet I cannot find anything suspicious on the outgoing side.

I realize that Microsoft is trying to use internet protocols for program interactions (even within the same machine) in support of its distributed processing theme (BAD idea), but allowing such DLLs to be connected to much less - Launched By - the same service that talks to the internet seems risky, if not downright stupid (That's a separate subject alone).

Any Thoughts or comments would be appreciated. THANK YOU -- Nobias

Posted via http://www.vistaheads.com
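
The PID-to-service check described in the post can be scripted; the following is an added example, not part of the original post. It lists every service hosted in a given svchost.exe process with each service's DLL and signature status, which matters because one svchost.exe process can host several services and Resource Monitor attributes file activity to the process as a whole. The function name `Get-SvchostHostedService` and the output layout are assumptions of this sketch, and it assumes PowerShell 3.0 or later run from an elevated prompt.

```powershell
# Added example: function name and output columns are choices made for this sketch.
# Pass the svchost.exe PID shown in Resource Monitor or Task Manager.
function Get-SvchostHostedService {
    param([Parameter(Mandatory)][int]$ProcessId)

    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcessId"
    if (-not $proc) { throw "No process with PID $ProcessId" }

    # Returns the Authenticode status of a file, or a marker when the path is unavailable.
    function Get-SigStatus([string]$Path) {
        if ($Path -and (Test-Path -LiteralPath $Path)) {
            (Get-AuthenticodeSignature -LiteralPath $Path).Status
        } else { 'PathUnavailable' }
    }

    # Host process: the path should be under System32, and the command line
    # shows which service group (-k <group>) this instance was started for.
    [pscustomobject]@{
        Kind      = 'HostProcess'
        Name      = $proc.Name
        Path      = $proc.ExecutablePath   # empty when not elevated
        Detail    = $proc.CommandLine
        Signature = Get-SigStatus $proc.ExecutablePath
    }

    # Every service sharing this PID, with the DLL that implements it.
    foreach ($svc in Get-CimInstance Win32_Service -Filter "ProcessId = $ProcessId") {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }

        [pscustomobject]@{
            Kind      = 'HostedService'
            Name      = $svc.Name
            Path      = $dll
            Detail    = "$($svc.DisplayName) (runs as $($svc.StartName))"
            Signature = Get-SigStatus $dll
        }
    }
}

# Usage: Get-SvchostHostedService -ProcessId <PID> | Format-Table -AutoSize -Wrap
```

If more than one `HostedService` row comes back, file reads seen for that PID cannot be attributed to a single service from the PID alone.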