Access Memory events logged for procexp64.exe (Process Explorer)


Defense+ Events is logging three entries every six seconds for procexp64.exe, even though it has been added to CIS’s Interprocess Memory Accesses.

The process (file) does not actually exist except when Process Explorer is running. It is created when PE is started, and removed when PE is stopped.

Also, several (5) entries are added for procexp64.exe in Trusted Files. I didn’t notice this to be the case with CIS prior to 5.4.189068.1354.

Thanks for any advice.

Edit: Apologies - user error. I’m unable to delete the post, so please ignore.

I will lock the topic then.