Security Issue? with Windows Audio Endpoint Builder

Posted: 08-29-2008, 06:33 PM

*Security Issue? with Windows Audio Endpoint Builder*
Hello. I was tracking down why my *svhost.exe* (used for internet &
network Connections) was being used to access a whole bunch of Picture
files in one of my folders. Files that were not being used by any other
program or service at the time (not even the File Manager). It was
running _under_LocalSystemNetworkRestricted_mode_ and I tracked the PID
to the "'-Windows Audio Endpoint builder-' (http://tinyurl.com/6nbez6)"
Service. I used the resource monitor to see that the WAEB was accessing
numerous files in various folders.
_What_stood_out_was_my_personal_pictures_it_was_accessing_.

I looked the service up and in no way is it dependent on or is depended
on by any system except AUDIO on the computer. However according to a
company that deals in computer security (and Microsoft) it is a service
launched by the legitimate 'C:\Windows\System32\svchost.exe' program.

The actual executable file for the Windows Audio Endpoint Builder
service is 'C:\Windows\System32\audiosrv.dll'.

Now this 'service' was reading my picture (JPG) files in the Public
folder that has no system files in it. *Can anyone explain why an Audio
Support DLL is interested in my Pictures?* As well as other files.

I saw mention of this service having something to do with the System
Indexing Service as well in my search results when trying to find
information. If it is related to indexing then why is it interested in
NON-AUDIO files at all? If the indexer uses 'Associated With'
executables to 'read' files for indexing then it should be using an
audio processor to deal with audio files and an image processor for
pictures, etc -- right?

My concern is that it is being used as a backdoor or such to
_grab_files_for_a_third_party_. Though I cannot find that this file
sends data beyond my machine, it may process it for another program
which would. As yet I cannot find anything suspicious on the outgoing
side.

I realize that Microsoft is trying to use internet protocols for
program interactions (even within the same machine) in support of its
distributed processing theme (BAD idea), but allowing such DLLs to be
connected to much less - Launched By - the same service that talks to
the internet seems risky, if not downright stupid (That's a separate
subject alone).

Any Thoughts or comments would be appreciated.

THANK YOU


--
Nobias
Posted via http://www.vistaheads.com
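
The PID-to-service check described in the post above, as an added example that is not part of the original thread. One svchost.exe process can host several services, so the sketch lists every service sharing the PID together with the DLL each one registers and that DLL's signature status; it assumes PowerShell 3.0 or later, and the function name Get-HostedServiceDll is made up for this example.

```powershell
# Added example: list every service hosted in one svchost.exe process and
# show which DLL each service registers, plus that DLL's signature status.
function Get-HostedServiceDll {
    param([Parameter(Mandatory)][uint32]$ProcessId)

    $services = Get-CimInstance Win32_Service -Filter "ProcessId = $ProcessId"
    foreach ($svc in $services) {
        # Shared-process services register their DLL under Parameters\ServiceDll.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = $null
        if (Test-Path $key) {
            $dll = (Get-ItemProperty -Path $key -Name ServiceDll `
                        -ErrorAction SilentlyContinue).ServiceDll
        }
        $sig = $null
        if ($dll) {
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            if (Test-Path $dll) { $sig = Get-AuthenticodeSignature -FilePath $dll }
        }
        [pscustomobject]@{
            Service     = $svc.Name
            DisplayName = $svc.DisplayName
            Account     = $svc.StartName      # account the host process runs as
            HostCommand = $svc.PathName       # svchost.exe command line with -k <group>
            ServiceDll  = $dll
            SigStatus   = if ($sig) { $sig.Status } else { 'n/a' }
            Signer      = if ($sig -and $sig.SignerCertificate) {
                              $sig.SignerCertificate.Subject
                          } else { 'n/a' }
        }
    }
}

# Resolve the PID from the service name instead of hard-coding it.
$target = Get-CimInstance Win32_Service -Filter "Name = 'AudioEndpointBuilder'"
if ($target -and $target.ProcessId -ne 0) {
    Get-HostedServiceDll -ProcessId $target.ProcessId | Format-List
} else {
    Write-Warning 'AudioEndpointBuilder is not running on this machine.'
}
```

File activity that Resource Monitor attributes to the PID may come from any service in the list, not only the one first looked up.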

Responses to "Security Issue? with Windows Audio Endpoint Builder"

csharpsean
Re: Security Issue? with Windows Audio Endpoint Builder
Posted: 02-06-2009, 12:14 AM

Hey,
I ran into the same problem with the Windows Audio Endpoint Builder and
Windows Audio. I tracked down the problem and it was the ATI HDMI Audio
Controller of all things. This was the last thing I checked and surely
enough it solved my high cpu problem relating to the Audio.

I wrote a complete help guide to solve this problem and more like it.

Check it out on my blog and if you have any questions, I will do my
best to help out.
'http://www.hopeasp.net/hopeasp.net/post/2009/02/05/Solve-Windows-Vistae28099s-High-CPU-Usage-Now!.aspx'
(http://tinyurl.com/bzs9wz)

Hope this helps you and many more!

--
csharpsean
Posted via http://www.vistaheads.com

Sam Hobbs
Re: Security Issue? with Windows Audio Endpoint Builder
Posted: 02-06-2009, 06:54 PM
Many people won't know what you are talking about since you are replying to
an old message and you have removed the portion that provides context and
such.



"csharpsean" <csharpsean.3n5ug3@no-mx.forums.vistaheads.com> wrote in
message news:csharpsean.3n5ug3@no-mx.forums.vistaheads.com...
>
> Hey,
> I ran into the same problem with the Windows Audio Endpoint Builder and
> Windows Audio. I tracked down the problem and it was the ATI HDMI Audio
> Controller of all things. This was the last thing I checked and surely
> enough it solved my high cpu problem relating to the Audio.
>
> I wrote a complete help guide to solve this problem and more like it.
>
> Check it out on my blog and if you have any questions, I will do my
> best to help out.
> 'http://www.hopeasp.net/hopeasp.net/post/2009/02/05/Solve-Windows-Vistae28099s-High-CPU-Usage-Now!.aspx'
> (http://tinyurl.com/bzs9wz)
>
> Hope this helps you and many more!
>
>
> --
> csharpsean
> Posted via http://www.vistaheads.com
>
csharpsean
Re: Security Issue? with Windows Audio Endpoint Builder
Posted: 02-06-2009, 07:08 PM

Nobias;978230 Wrote:
> *Security Issue? with Windows Audio Endpoint Builder*
> Hello. I was tracking down why my *svhost.exe* (used for internet &
> network Connections) was being used to access a whole bunch of Picture
> files in one of my folders. Files that were not being used by any other
> program or service at the time (not even the File Manager). It was
> running _under_LocalSystemNetworkRestricted_mode_ and I tracked the PID
> to the "'-Windows Audio Endpoint builder-' (http://tinyurl.com/6nbez6)"
> Service. I used the resource monitor to see that the WAEB was accessing
> numerous files in various folders.
> _What_stood_out_was_my_personal_pictures_it_was_accessing_.
>
> I looked the service up and in no way is it dependent on or is depended
> on by any system except AUDIO on the computer. However according to a
> company that deals in computer security (and Microsoft) it is a service
> launched by the legitimate 'C:\Windows\System32\svchost.exe' program.
>
> The actual executable file for the Windows Audio Endpoint Builder
> service is 'C:\Windows\System32\audiosrv.dll'.
>
> Now this 'service' was reading my picture (JPG) files in the Public
> folder that has no system files in it. *Can anyone explain why an Audio
> Support DLL is interested in my Pictures?* As well as other files.
>
> I saw mention of this service having something to do with the System
> Indexing Service as well in my search results when trying to find
> information. If it is related to indexing then why is it interested in
> NON-AUDIO files at all? If the indexer uses 'Associated With'
> executables to 'read' files for indexing then it should be using an
> audio processor to deal with audio files and an image processor for
> pictures, etc -- right?
>
> My concern is that it is being used as a backdoor or such to
> _grab_files_for_a_third_party_. Though I cannot find that this file
> sends data beyond my machine, it may process it for another program
> which would. As yet I cannot find anything suspicious on the outgoing
> side.
>
> I realize that Microsoft is trying to use internet protocols for
> program interactions (even within the same machine) in support of its
> distributed processing theme (BAD idea), but allowing such DLLs to be
> connected to much less - Launched By - the same service that talks to
> the internet seems risky, if not downright stupid (That's a separate
> subject alone).
>
> Any Thoughts or comments would be appreciated.
>
> THANK YOU
Hey,
I ran into the same problem with the Windows Audio Endpoint Builder and
Windows Audio. I tracked down the problem and it was the ATI HDMI Audio
Controller of all things. This was the last thing I checked and surely
enough it solved my high cpu problem relating to the Audio.

I wrote a complete help guide to solve this problem and more like it.

Check it out on my blog and if you have any questions, I will do my
best to help out.
'http://www.hopeasp.net/hopeasp.net/post/2009/02/05/Solve-Windows-Vistae28099s-High-CPU-Usage-Now!.aspx'
(http://tinyurl.com/bzs9wz)

Hope this helps you and many more!


--
csharpsean
Posted via http://www.vistaheads.com

 