New Member
April 2, 2018
Question
Event regarding process FCHelper64.exe appearing every 5 seconds
I have FortiClient version 5.6.4.1131 installed (on Windows 10). I recently recognized my mouse pointer turning into a mouse pointer plus waiting symbol every few seconds. If the mouse pointer is a text cursor, this does not appear.
I opened the Event Manager and browsed the Windows Protocols. I saw that in the Security section, there are entries every five seconds that have to do with FCHelper64.exe. It might be a false positive, but it lets me assume that those "Security Audits" lead to the mouse pointer changing for the fraction of a second.
Here is the XML view of such an event (some personal data deleted):
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4798</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>13824</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8020000000000000</Keywords>
    <TimeCreated SystemTime="2018-04-02T10:36:47.593628900Z" />
    <EventRecordID>85272</EventRecordID>
    <Correlation ActivityID="{2FEAF796-CA6E-0000-FBF7-EA2F6ECAD301}" />
    <Execution ProcessID="732" ThreadID="780" />
    <Channel>Security</Channel>
    <Computer>...</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="TargetUserName">...</Data>
    <Data Name="TargetDomainName">...</Data>
    <Data Name="TargetSid">S-1-5-21-3578451364-1994532401-4128530472-1001</Data>
    <Data Name="SubjectUserSid">S-1-5-18</Data>
    <Data Name="SubjectUserName">...</Data>
    <Data Name="SubjectDomainName">WORKGROUP</Data>
    <Data Name="SubjectLogonId">0x3e7</Data>
    <Data Name="CallerProcessId">0x16c4</Data>
    <Data Name="CallerProcessName">C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe</Data>
  </EventData>
</Event>

I also attached a screenshot from the event manager (in German). It seemed to have started just today. I did a virus scan of my C drive this morning which did not show any problems. Does anybody have more information regarding these events, how FCHelper64.exe is involved in it and if it could be a sign of a problem?

Best
Christian
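
Event ID 4798 is the Security log record written when a user's local group membership is enumerated, and SubjectUserSid S-1-5-18 is the LocalSystem account. The following triage script is an added example, not part of the original post or any Fortinet tooling: it groups exported 4798 events by calling process and subject SID and reports how often each caller fires, using constructed sample events and a hypothetical second caller path.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timezone
from statistics import median

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def parse_event(xml_text):
    """Return (event_id, utc_time, data_fields) for one exported <Event>."""
    root = ET.fromstring(xml_text)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    stamp = root.find("e:System/e:TimeCreated", NS).get("SystemTime").rstrip("Z")
    base, _, frac = stamp.partition(".")
    # SystemTime carries 100 ns ticks; datetime keeps microseconds only.
    when = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(
        microsecond=int(frac[:6].ljust(6, "0")), tzinfo=timezone.utc)
    fields = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
    return event_id, when, fields

def summarize_4798(xml_events):
    """Group 4798 events by (caller image, subject SID); report count and cadence."""
    times = defaultdict(list)
    for xml_text in xml_events:
        event_id, when, f = parse_event(xml_text)
        if event_id == 4798:
            times[(f.get("CallerProcessName"), f.get("SubjectUserSid"))].append(when)
    report = {}
    for key, stamps in times.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[key] = {"count": len(stamps),
                       "median_gap_s": round(median(gaps), 1) if gaps else None}
    return report

# Constructed sample events shaped like the one in the post (values are made up).
TEMPLATE = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
            '<System><EventID>{eid}</EventID><TimeCreated SystemTime="{ts}" /></System>'
            '<EventData><Data Name="SubjectUserSid">S-1-5-18</Data>'
            '<Data Name="CallerProcessName">{caller}</Data></EventData></Event>')
FCHELPER = r"C:\Program Files (x86)\Fortinet\FortiClient\FCHelper64.exe"
SAMPLE = [TEMPLATE.format(eid=4798, ts=f"2018-04-02T10:36:{s}.593628900Z", caller=FCHELPER)
          for s in ("47", "52", "57")]
SAMPLE.append(TEMPLATE.format(eid=4798, ts="2018-04-02T10:40:00Z",
                              caller=r"C:\Example\other.exe"))  # hypothetical caller
SAMPLE.append(TEMPLATE.format(eid=4624, ts="2018-04-02T10:41:00Z", caller=FCHELPER))

if __name__ == "__main__":
    for (caller, sid), stats in summarize_4798(SAMPLE).items():
        print(caller, sid, stats)
```

A single signed caller running as LocalSystem at a fixed interval points to a polling loop in that product; a caller outside the expected install path, or a new caller appearing in the report, is the case worth investigating first.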
