I have a question about that FD of comodo Defense+

I used comodo to monitor that the svchost will modify some exe and dll files
And these files(dll exe) are already existing,maybe :azn:

This should be how to understand

I also used other hips,but there is no such hint
Comodo is different from the others ,there are other different definitions for fd
Svchost modified exe files or dll files In memory,Not on the hard disk file???
I am very confused
Please Help thanks very much

Are you sure safe mode wasnt best for you?

Just for farther
Want to know more