What to do about mshta.exe

Every time I go: CP > User Accounts I get a Defense+ Alert that “mshta.exe is an UNsafe application…”
According to other threads in this forum such as https://forums.comodo.com/empty-t21776.0.html it is normal for WinXP to use mshta.exe. I have a number of questions:-

  1. I have at least 2 files named ‘mshta.exe’ - C:\i386\mshta.exe (the only one found by XP’s file Search) and C:\WINDOWS\system32\mshta.exe - why does Search not find that one?
    Could there be other programs of the same name which XP Search is not telling me about?

  2. Since this is a normal process in WinXP, why does CPF show an alert saying it is an “UNsafe application”?

  3. C:\WINDOWS\system32\mshta.exe tests OK on Jotti’s Malware Scan. If it is this program that is causing the alerts, and there are no hidden and infected files of the same name elsewhere, how should I configure CFP to avoid all the mshta warnings?

Greetings, and welcome to the forums!

When doing a search, you’ll need to go the the advanced options and make it search inside the system folders and hidden files and folders.

It’s because it’s not in the safelist database. Why it’s not, I don’t know.
Maybe it’s because it might be unsafe. mshta.exe is used to launch programs from a HTML document. These might be infected. It’s probably flagged as ‘unsafe’ due to mshta.exe being the one to execute .HTA-files.

Seeing as mshta.exe is a component of Windows, you can allow it to be executed. Also, if anything else pops up, it’s safe to allow, unless anyone knows more about mshta.exe, and wants to add something.


Thanks for your reply Ragwing.

Seeing as mshta.exe is a component of Windows, you can allow it to be executed. Also, if anything else pops up, it's safe to allow

So how best should I “allow” mshta.exe to prevent the multiple alerts?
The obvious option, once one has researched the program and identified it as a normal Windows component, seems to be to ‘Treat as: Windows system application’ and ‘Remember’.

If that is the correct choice to make, why does Comodo not do that automatically, instead of worrying the user with the alerts???

Comodo know that mshta.exe is a normal and common Windows component, so why force the user to research it, only to come to (hopefully) the same conclusion???

Yes, that’s just fine. Most Windows components can be fully trusted, unless you want to have a strict policy.
But I do understand if you might get a little confused when CFP 3 tells you that it’s considered as unsafe, when it’s not.
In fact, some other Windows components are unsafe too, if they gets infected or abused. But as long as they don’t, they’re safe. Anyways, CFP 3 should tell you if a malware should try to interfere with them…