I have used the wonderful SysInternals tools for years, and I love the Process Explorer tool and its built-in VirusTotal lookup (where it generates a hash of all programs actively running in memory and submits them to VirusTotal, who submits them to 70+ anti-virus vendors for their opinion: infected or not). Unfortunately, today before Noon Eastern Time, ProcessExplorer started returning the following results in the VirusTotal column: “A device attached to the system is not functioning” or “the operation timed out”. Multiple Wintel servers and workstations, multiple versions of Windows (Win10-1909 back through Server 2008 R2), multiple internet paths, multiple sites. I was worried about possible malware interference until I saw the same problem at a different site (home vs. work), with completely separate networks. I didn’t see any other info about this problem on the internet until tonight, when I found one thread on a Malwarebytes support page from someone with the same problem (although he wasn’t running Malwarebytes, actually). Has anyone else seen this? Any thoughts on why? My guess is that VirusTotal is not accepting the requests from Process Explorer, but any confirmation or insight would be much appreciated!
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
VirusTotal not accepting SysInternals Process Explorer requests as of 16Dec2020
- This topic has 18 replies, 9 voices, and was last updated 4 years, 1 month ago.
Viewing 11 reply threadsAuthor-
-
My attempt to run procexp today. No issues
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
-
-
Sysinternals has an integration with Virus total. It allows to automatically upload hashes/PE files to be uploaded to the scanners at virus toal and display the result.
The problem is that, while process explorer is working (as you have shown in your screenshot), the virus total integration (upload and check of hashes/files of running processes) does not.
I also have the same problem on my up to date windows 10 2004 and the only difference is that on the 16th. of december a .NET update was installed although im not sure if that really is the cause of the problem.
I checked both old and current procexp version but it failes in both cases to get vt results.
1 user thanked author for this post.
-
The issue is not running Process Explorer – that works fine, but when you click on Options – VirusTotal.com – Check VirusTotal.com, it adds another column where it shows you that it is sending info to VirusTotal, then is supposed to report the results, usually in the form of xx/yy, where xx of yy anti-virus vendors show each hash as suspicious/malicious. Right now, all I get is “A device attached to the system is not functioning (see attached). We do run have Symantec anti-virus and Barracuda web filtering in place, but A) it has worked before through both of those, and B) other PC/sites without those filters give similar errors.
-
Oh, I see. Thank you for clarification. I have the same error.
First it says “Hash submitted”
but then the error appears, I think that its error on the virus total servers. Some processes are evaluated for me, some not. Cant tell exactly why 🙁
Maybe VirusTotal DB is being rebuilt so it may take some time, I would wat 24 hours or so to see, if it will work again.
Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise
HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29
PRUSA i3 MK3S+
-
Today I get the status “Unknown” after hashes are submitted to Virus Total from both Sysinternals programs Process Explorer and Autoruns.
Can successfully submit a single file hash via HashMyFiles by Nir Sofer, or directly to the Virus Total website, so the site is not down.
I’ve got a firewall that automatically submits hashes to Virus Total whenever a program connects to the net for the first time.
Suspect that there must be an API that stopped working in the Sysinternals tools, or VT has chosen to block it.
Windows 10 Pro 22H2
a manual request works but slowly.
Considering the Solarwinds exploit perhaps hey have purged their database and are VERY busy with requests, a big group like PE presents may be a low priority.
Or maybe Google is killing it off as it does to working app for time to time..
🍻
Just because you don't know where you are going doesn't mean any road will get you there.1 user thanked author for this post.
a manual request works but slowly.
Good catch!
I didn’t think of trying that! Works here, too!
Which tells me that Google is probably employing traffic management for their servers, and whenever they see a blast of VT requests from a single IP address they get denied…
Windows 10 Pro 22H2
Tried again today, still getting Virus Total “unknown” results in Sysinternals…
Windows 10 Pro 22H2
Interesting – as of today (31Dec2020), without changing anything that would/should have fixed it, ProcessExplorer is now submitting hashes to VirusTotal again, and the results today are even cleaner than before. Meaning, I’m getting fewer false positive reports, and a very consistent number of anti-virus provider responses (almost all responses are out of 76, when in the past, not all AV providers provided responses for all hashes).
Thanks to those of you who confirmed my results, and provided suggestions. Maybe the contacts to VirusTotal got things fixed!
Viewing 11 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Finding Microsoft Office 2021 product key
by 2 hours, 13 minutes ago
-
Over-the-Top solves it!
by 2 hours, 56 minutes ago
-
To Susan – Woody Leonhard, the “Lionhearted”
by 9 hours, 57 minutes ago
-
Extracting Data From All Sheets
by 11 hours, 32 minutes ago
-
Use wushowhide in Windows 11 24H2?
by 11 hours, 41 minutes ago
-
Hacktool:Win32/Winring0
by 11 hours, 28 minutes ago
-
Microsoft Defender as Primary Security Question
by 12 hours, 8 minutes ago
-
USB printers might print random text with the January 2025 preview update
by 14 hours, 11 minutes ago
-
Google’s 10-year-old Chromecast is busted, but a fix is coming
by 23 hours, 47 minutes ago
-
Expand the taskbar?
by 23 hours, 37 minutes ago
-
Gregory Forrest “Woody” Leonhard (1951-2025)
by 2 hours, 24 minutes ago
-
March 2025 updates are out
by 50 minutes ago
-
Windows 11 Insider Preview build 26120.3380 released to DEV and BETA
by 1 day, 17 hours ago
-
Update Firefox to prevent add-ons issues from root certificate expiration
by 2 days ago
-
Latest Firefox requires Password on start up
by 1 day, 19 hours ago
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 2 days, 13 hours ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 1 day, 12 hours ago
-
How Much Daylight have YOU Saved?
by 1 day, 15 hours ago
-
A brief history of Windows Settings
by 1 day, 8 hours ago
-
Thunderbolt is not just for monitors
by 1 day, 7 hours ago
-
Password Generators — Your first line of defense
by 1 day, 12 hours ago
-
AskWoody at the computer museum
by 12 hours, 37 minutes ago
-
Planning for the unexpected
by 1 day, 13 hours ago
-
Which printer type is the better one to buy?
by 2 days, 15 hours ago
-
Upgrading the web server
by 2 days, 13 hours ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 3 days, 8 hours ago
-
Creating a Google account
by 3 days, 7 hours ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 3 days, 13 hours ago
-
Microsoft Considering AI Models to Replace OpenAI’s in Copilot
by 4 days ago
-
AI *emergent misalignment*
by 4 days, 2 hours ago
Remembering Woody
