SIHclient.exe?

Topic

New Reply

Today the GlassWire firewall showed an outward connection  by something called SIH, which seems to be SIHClient.exe sitting in system32 folder.

I googled it and found the following:

“Seems like SIH is for “Silent Install Helper”. It starts background installation of Windows updates, as planned in advanced update options.”

I am not clear whether this is a MS/Windows program or third party. Does anybody know what it does and should I worry? I am running Win10Pro 1511 with WU disabled and I don’t want any updates.

Of course, it can’t be deleted or moved. I had the firewall block it.

Pls advise. Thanks.

 

 

 

 

 

 

Reply | Quote

Replies

I am on W 10.0 Pro Build 15063.0. I can’t advise you but I can show you what I have on this partition:

c:\Windows\System32\en-US\sihclient.exe.mui
c:\Windows\System32\msihnd.dll
c:\Windows\System32\SIHClient.exe
c:\Windows\System32\sihost.exe
c:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\sih
c:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot
c:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate\sih
c:\Windows\System32\Tasks_Migrated\Microsoft\Windows\WindowsUpdate\sihboot
c:\Windows\System32\wbem\iscsihba.mof
c:\Windows\SysWOW64\msihnd.dll
c:\Windows\SysWOW64\wbem\iscsihba.mof
c:\Windows\WinSxS\amd64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.15063.0_none_ba8137e9ee9bd32c\iscsihba.mof
c:\Windows\WinSxS\amd64_microsoft-windows-installer-handler_31bf3856ad364e35_10.0.15063.0_none_efee6255849e46ed\msihnd.dll
c:\Windows\WinSxS\amd64_microsoft-windows-shellhost_31bf3856ad364e35_10.0.15063.0_none_278c16655bcb2420\sihost.exe
c:\Windows\WinSxS\amd64_serviceinitiatedhealing-client.resources_31bf3856ad364e35_10.0.15063.0_en-us_e4308167274c1966\sihclient.exe.mui
c:\Windows\WinSxS\amd64_serviceinitiatedhealing-client_31bf3856ad364e35_10.0.15063.0_none_2df22df6ff09f2ef\SIHClient.exe
c:\Windows\WinSxS\wow64_microsoft-windows-i..itiator_service_mof_31bf3856ad364e35_10.0.15063.0_none_c4d5e23c22fc9527\iscsihba.mof
c:\Windows\WinSxS\x86_microsoft-windows-installer-handler_31bf3856ad364e35_10.0.15063.0_none_93cfc6d1cc40d5b7\msihnd.dll

Hope this helps some…..

--------------------------------------

1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
Graphics Radeon RX 580, RX 580 ONLY Over Clocked
More perishable

2xMonitors Asus DVI, Sony 55" UHD TV HDMI

1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
1xOS W8.1 Pro, NAS Dependent, Same Sony above.

-----------------

Reply | Quote

How exactly does the list help?

My question was “what does it do and how should I stop it”. Does firewall blocking do it?

Reply | Quote

A simple question deserves a simple answer. It wasn’t for you….

There are many people looking at your thread, not just you….. O.o

--------------------------------------

1. Tower Totals: 2xSSD ~512GB, 2xHHD 20 TB, Memory 32GB

SSDs: 6xOS Partitions, 2xW8.1 Main & Test, 2x10.0 Test, Pro, x64

CPU i7 2600 K, SandyBridge/CougarPoint, 4 cores, 8 Threads, 3.4 GHz
Graphics Radeon RX 580, RX 580 ONLY Over Clocked
More perishable

2xMonitors Asus DVI, Sony 55" UHD TV HDMI

1. NUC 5i7 2cores, 4 Thread, Memory 8GB, 3.1 GHz, M2SSD 140GB
1xOS W8.1 Pro, NAS Dependent, Same Sony above.

-----------------

Reply | Quote

“Silent Install Helper” – sure sounds like something on the wrong side of the tracks.

I’ve seen it documented as “Server Initiated Healing”.

Look in your Task Scheduler in the Task Scheduler Library > Microsoft > Windows > Windows Update section for tasks named “sih” and “sihboot” for more info.

The question is this: Why would you have anything in that section of the Task Scheduler enabled?

What if we users don’t want anything installed silently? What if the integrity of our computing environments is of importance to us?

-Noel

1 user thanked author for this post.

walker

Reply | Quote

Thanks.

I found several Ready there beyond those two:

AUFirmwareInstall

AUScheduleInstall

AUSessionConnect

Automatic App Update

Schedule Start

I disabled all — will I have problems?

Reply | Quote

I disable them all.

I can’t promise what your experience will be if you use any of the new Metro/Modern/UWP Apps. I don’t use any of those myself, except Settings. And I run with a local account.

But it’s quite possible you’ll be all right, inasmuch as Windows expects to be able to run for at least some time without a direct connection to the Microsoft mothership.

What I personally do with my Win 10 system is to have my Windows Update service normally disabled, the above scheduled tasks Disabled, the Group Policy “Automatic Updates” set to Disabled, and have my firewall configured to block update communications, and several other things. This gives me full control over whether and when updates happen.

When I choose the time to check for and install updates, I reconfigure the firewall to allow communications, set the Windows Update service to Manual and Start it, then check for available updates with the WUShowHide tool. If I choose to allow the listed updates then I then start the Settings App and actually do the updates by pressing the [Check for updates] button in there.

Once the updates are done, I reconfigure back to a “no possible updates” condition, including looking at the scheduled tasks and returning any that have been enabled back to Disabled.

So far it seems to be working for me. It sounds like extra work but in practice it’s no big deal, and it gains me the ability to control when and whether updates are applied.

-Noel

1 user thanked author for this post.

walker

Reply | Quote

I am doing something similar but apparently it was not complete, so I will adjust what I was missing.

If you are using a paid firewall it probably allows you things that my free one does not. I have to wait until I see something that tried to connect without my knowledge and then I can block that specific program. The problem is that many Windows components do this and it’s impossible to tell which I can block and which not except by trial and error.

I think I had Automatic Updates disabled, but I don’t recall where it is–where exactly is it so that I can check?

 

Reply | Quote

In gpedit.msc: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update

Setting: Configure Automatic Updates
Set it to: Disabled

Note that even with the above setting, if the Windows Update service gets started (which I’ve seen happen even with it set to Disabled in services.msc), the system will check with the online Microsoft update servers. That’s why the firewall (I use Sphinx Network / Cloud Edition) is also an important step. There is no question we are working against Microsoft here, but to that I say: Too bad for them; it’s my computer.

And yes, firewall configuration is a bit of trial and error. I found starting with a deny-by-default configuration then creating exceptions was an effective strategy, and new communications won’t go through unless specifically allowed.

-Noel

Reply | Quote

Thanks.

I think you got it backwards: It’s MS that works against us, not the other way around.

Unfortunately, Sphinx is not free and WireGlass does not have “Block by default”. You gotta block programs individually.

 

Reply | Quote

fp wrote:

I think you got it backwards: It’s MS that works against us, not the other way around.

I’ll go along with that.

fp wrote:

Unfortunately, Sphinx is not free and WireGlass does not have “Block by default”. You gotta block programs individually.

Like you, I’ve always been one to seek out and use free solutions as long as they’re good… I regularly use, for example (in no particular order), Classic Shell, Process Hacker 2, Folder Options X, Irfan View, WizMouse, Aero Glass for Win 8+, ShellFolderFix, AutoRuns and some other SysInternals utilities, TortoiseSVN and a number of Stefan Kung’s utilities, a number of Nir Sofer’s utilities, Visual Studio 2015 CE, and a bunch more I could list if I spent more than 30 seconds thinking about it. All freeware though I HAVE donated to virtually all of the above authors, since their software provides me value.

Then there is a class of commercial software I use regularly that’s SO good, that meets my needs SO well, that I’m more than happy to pay for it and support the authors. Sphinx Windows Firewall Control Network/Cloud edition is one such package (at US $39.95), along with such things as Scooter Software’s Beyond Compare Pro ($60), TurboTax ($60ish), and a few others.

Overall I use more free software than paid, but when only the paid software gives the value needed, it’s well worth buying.

And I should mention that there’s still another class of commercial software I use (some of which is quite expensive) for which I get free licenses because I test beta versions and provide meaningful feedback. If you have time, consider seeking out beta programs, volunteer to test, and you may be rewarded with a license at no charge.

-Noel

Reply | Quote

I have managed pretty well with only free sware for decades. It’s, of course, a matter of the difference in value I can get for the price and I always found, after research, that it was hard to justify.

When I was younger I did a lot of testing and reviews for both hw and sw and got lots for free, but I no longer have the patience or interest — I leave it to the younger guys, like you.  When you reach my age you’ll see what I mean.

BTW, even though I followed the instructions of CH100 ( I think), the Windows peer-to-peer update setting keeps getting enabled every time I boot the system.

Reply | Quote

More reading on MS forums 

More reading at Technet forum

Quote below is text from Micrososft’s description in scheduled task (presumably written by a MS person who has knowledge of SIHclient).

 

“This daily task launches the SIH client (server-initiated healing) to detect and fix system components that are vital to automatic updating of Windows and Microsoft software installed on the machine.  This task can go online, evaluate applicability of healing actions, download necessary payloads to execute the actions, and execute healing actions.”

 

 

Reply | Quote

Does what it says on the tin, in manner of speaking… This other set of “malware” is what helps Microsoft remedy your ‘faulty’ ‘ill’ configured computer so they can try to force you to deal with the newest Windows 10 feature set.

Do you know the way to Task Scheduler Friend?

Reply | Quote