+- GETOVERX FORUM Community Support (https://forum.getoverx.com)
+-- Forum: getoverx Shield (https://forum.getoverx.com/forumdisplay.php?fid=1)
+--- Forum: EDR (https://forum.getoverx.com/forumdisplay.php?fid=6)
+--- Thread: Unusual process detected – is this malware? (/showthread.php?tid=1)
Unusual process detected – is this malware? - mrwebfeeder - 09-20-2025
Author: alfred@04a3cf8d | Forum: edr-lite-endpoint-detection-response
Hello community, EDR Lite flagged a process named msworkerupdate.exe running from AppData\\Roaming. I don’t recognize it. Has anyone else seen this behavior? Could this be a new type of malware or just a false positive?
RE: Unusual process detected – is this malware? - alfredhf - 09-20-2025
That process name (msworkerupdate.exe in AppData\Roaming) is not part of standard Windows components. Its location and naming pattern are suspicious and often associated with malware or unwanted software.
To be safe, I’d recommend:
Running a full scan with your security suite.
Checking the file with GetOverX Service logs.
Monitoring if the process persists after reboot.
If it keeps reappearing, it’s more likely to be malware than a false positive. In that case, isolating or removing the file is advisable.