Security Issue? with Windows Audio Endpoint Builder Hello. I was tracking down why my
svhost.exe (used for internet & network Connections) was being used to access a whole bunch of Picture files in one of my folders. Files that were not being used by any other program or service at the time (not even the File Manager). It was running
under LocalSystemNetworkRestricted mode and i tracked the PID to the
"Windows Audio Endpoint builder" Service. I used the resource monitor to see that the WAEB was accessing numerous files in various folders.
What stood out was my personal pictures it was accessing.
I looked the service up and in no way is it dependant on or is depended on by any system except AUDIO on the computer. However according to a company that deals in computer security (and Microsoft) it is a service launched by the legitimate 'C:\Windows\System32\svchost.exe' program.
The actual executable file for the Windows Audio Endpoint Builder service is 'C:\Windows\System32\audiosrv.dll'.
Now this 'service' was reading my picture (JPG) files in the Public folder that has no system files in it.
Can anyone explain why an Audio Support DLL is interested in my Pictures? As well as other files.
I saw mention of this service having something to do with the System Indexing Serice as well in my search results when trying to find information. If it is related to indexing then why is it interested in NON-AUDIO files at all? if the indexer uses 'Associated With' executables to 'read' files for indexing then it should be using an audio processor to deal with audio files and an image processor for pictures, etc -- right?
My concern is that it is being used as a backdoor or such to
grab files for a third party. Though I cannot find that this file sends data beyond my machine, it may process it for another program which would. As yet i cannot find anything suspicious on the outgoing side.
I realize that Microsoft is trying to use internet protocols for program interactions (even within the same machine) in support of its ditributed processing theme (BAD idea), but allowing such DLLs to be connected to much less - Launched By - the same service that talks to the internet seems risky, if not downright stupid (Thats a seperate subject alone).
Any Thoughts or comments would be appreciated.
THANK YOU
Linear Mode
