Guest Nobias Posted August 29, 2008 Posted August 29, 2008 Security Issue? with Windows Audio Endpoint Builder Hello. I was tracking down why my svhost.exe (used for internet & network Connections) was being used to access a whole bunch of Picture files in one of my folders. Files that were not being used by any other program or service at the time (not even the File Manager). It was running _under_LocalSystemNetworkRestricted_mode_ and i tracked the PID to the "'-Windows Audio Endpoint builder-' (http://tinyurl.com/6nbez6)" Service. I used the resource monitor to see that the WAEB was accessing numerous files in various folders. _What_stood_out_was_my_personal_pictures_it_was_accessing_. I looked the service up and in no way is it dependant on or is depended on by any system except AUDIO on the computer. However according to a company that deals in computer security (and Microsoft) it is a service launched by the legitimate 'C:\Windows\System32\svchost.exe' program. The actual executable file for the Windows Audio Endpoint Builder service is 'C:\Windows\System32\audiosrv.dll'. Now this 'service' was reading my picture (JPG) files in the Public folder that has no system files in it. Can anyone explain why an Audio Support DLL is interested in my Pictures? As well as other files. I saw mention of this service having something to do with the System Indexing Serice as well in my search results when trying to find information. If it is related to indexing then why is it interested in NON-AUDIO files at all? if the indexer uses 'Associated With' executables to 'read' files for indexing then it should be using an audio processor to deal with audio files and an image processor for pictures, etc -- right? My concern is that it is being used as a backdoor or such to _grab_files_for_a_third_party_. Though I cannot find that this file sends data beyond my machine, it may process it for another program which would. As yet i cannot find anything suspicious on the outgoing side. I realize that Microsoft is trying to use internet protocols for program interactions (even within the same machine) in support of its ditributed processing theme (BAD idea), but allowing such DLLs to be connected to much less - Launched By - the same service that talks to the internet seems risky, if not downright stupid (Thats a seperate subject alone). Any Thoughts or comments would be appreciated. THANK YOU -- Nobias Posted via http://www.vistaheads.com Quote
Guest csharpsean Posted February 6, 2009 Posted February 6, 2009 Hey, I ran into the same problem with the Windows Audio Endpoint Builder and Windows Audio. I tracked down the problem and it was the ATI HDMI Audio Controller of all things. This was the last thing I checked and surely enough it solved my high cpu problem relating to the Audio. I wrote a complete help guide to solve this problem and more like it. Check it out on my blog and if you have any questions, I will do my best to help out. 'http://www.hopeasp.net/hopeasp.net/post/2009/02/05/Solve-Windows-Vistae28099s-High-CPU-Usage-Now!.aspx' (http://tinyurl.com/bzs9wz) Hope this helps you and many more! -- csharpsean Posted via http://www.vistaheads.com Quote
Guest Sam Hobbs Posted February 6, 2009 Posted February 6, 2009 Many people won't know what you are talking about since you are replying to an old message and you have removed the portion that provides context and such. "csharpsean" <csharpsean.3n5ug3@no-mx.forums.vistaheads.com> wrote in message news:csharpsean.3n5ug3@no-mx.forums.vistaheads.com...<span style="color:blue"> > > Hey, > I ran into the same problem with the Windows Audio Endpoint Builder and > Windows Audio. I tracked down the problem and it was the ATI HDMI Audio > Controller of all things. This was the last thing I checked and surely > enough it solved my high cpu problem relating to the Audio. > > I wrote a complete help guide to solve this problem and more like it. > > Check it out on my blog and if you have any questions, I will do my > best to help out. > 'http://www.hopeasp.net/hopeasp.net/post/2009/02/05/Solve-Windows-Vistae28099s-High-CPU-Usage-Now!.aspx' > (http://tinyurl.com/bzs9wz) > > Hope this helps you and many more! > > > -- > csharpsean > Posted via http://www.vistaheads.com > </span> Quote
Guest csharpsean Posted February 6, 2009 Posted February 6, 2009 Nobias;978230 Wrote: <span style="color:blue"> > Security Issue? with Windows Audio Endpoint Builder > Hello. I was tracking down why my svhost.exe (used for internet & > network Connections) was being used to access a whole bunch of Picture > files in one of my folders. Files that were not being used by any other > program or service at the time (not even the File Manager). It was > running _under_LocalSystemNetworkRestricted_mode_ and i tracked the PID > to the "'-Windows Audio Endpoint builder-' (http://tinyurl.com/6nbez6)" > Service. I used the resource monitor to see that the WAEB was accessing > numerous files in various folders. > _What_stood_out_was_my_personal_pictures_it_was_accessing_. > > I looked the service up and in no way is it dependant on or is depended > on by any system except AUDIO on the computer. However according to a > company that deals in computer security (and Microsoft) it is a service > launched by the legitimate 'C:WindowsSystem32svchost.exe' program. > > The actual executable file for the Windows Audio Endpoint Builder > service is 'C:WindowsSystem32audiosrv.dll'. > > Now this 'service' was reading my picture (JPG) files in the Public > folder that has no system files in it. Can anyone explain why an Audio > Support DLL is interested in my Pictures? As well as other files. > > I saw mention of this service having something to do with the System > Indexing Serice as well in my search results when trying to find > information. If it is related to indexing then why is it interested in > NON-AUDIO files at all? if the indexer uses 'Associated With' > executables to 'read' files for indexing then it should be using an > audio processor to deal with audio files and an image processor for > pictures, etc -- right? > > My concern is that it is being used as a backdoor or such to > _grab_files_for_a_third_party_. Though I cannot find that this file > sends data beyond my machine, it may process it for another program > which would. As yet i cannot find anything suspicious on the outgoing > side. > > I realize that Microsoft is trying to use internet protocols for > program interactions (even within the same machine) in support of its > ditributed processing theme (BAD idea), but allowing such DLLs to be > connected to much less - Launched By - the same service that talks to > the internet seems risky, if not downright stupid (Thats a seperate > subject alone). > > Any Thoughts or comments would be appreciated. > > THANK YOU</span> Hey, I ran into the same problem with the Windows Audio Endpoint Builder and Windows Audio. I tracked down the problem and it was the ATI HDMI Audio Controller of all things. This was the last thing I checked and surely enough it solved my high cpu problem relating to the Audio. I wrote a complete help guide to solve this problem and more like it. Check it out on my blog and if you have any questions, I will do my best to help out. 'http://www.hopeasp.net/hopeasp.net/post/2009/02/05/Solve-Windows-Vistae28099s-High-CPU-Usage-Now!.aspx' (http://tinyurl.com/bzs9wz) Hope this helps you and many more! -- csharpsean Posted via http://www.vistaheads.com Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.