Jump to content

Why would spoolsv.exe legitimately spawn another spollsv.exe.

Windows 7
 Share

Recommended Posts

Windows 7 Newbie

Windows 7

Posted
Posted

Why would spoolsv.exe legitimately spawn another spollsv.exe. I am a cyber security analyst and we have an alert that triggers often for this situation. Will this happen in an enterprise network where print servers are being used. The first spawn being action by the user and the second by the print server. I have also noticed netconn out to the print servers during this activity. 1 rpc call and then another to a random HEP. My guess is the first netconn is calling out to the print server to establish connection and the second to send the print job.

 

Continue reading...

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...