Description | This article explains what a service access attempt means in the context of a security event. |
Scope | FortiEDR. |
Solution |
Some applications will try to perform a service access attempt, as seen in the following security event, where a process called joiedevivre.exe has injected its own thread into notepad.exe's address space to perform this action:
A service access attempt is usually performed when an application is trying to achieve persistence in Windows Services.
Legitimate and non-legitimate applications do so by first opening a connection to the Service Control Manager database, using the OpenSCManager function, which is exported from sechost.dll (see the Microsoft documentation: OpenSCManagerA function (winsvc.h)).
In this case, sechost.dll is observed in the call stack of the event:
|
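To check whether a flagged service access attempt actually resulted in a new service, the following added example (not part of the original article and not Fortinet code) lists the service installations logged around the event time and the current configuration of the matching services. It goes one step beyond the article; the parameters $EventTime and $WindowMinutes are assumptions and should be set from the security event being reviewed.

```powershell
# Added example (not Fortinet code). $EventTime and $WindowMinutes are assumptions:
# set them from the security event under investigation.
param(
    [datetime]$EventTime = (Get-Date),
    [int]$WindowMinutes = 30
)

# 1) Services installed around the event. Event ID 7045 in the System log is
#    "A service was installed in the system" (source: Service Control Manager).
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    Id           = 7045
    StartTime    = $EventTime.AddMinutes(-$WindowMinutes)
    EndTime      = $EventTime.AddMinutes($WindowMinutes)
}
$installed = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named EventData fields instead of parsing the message text.
        $data = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated
            ServiceName = $data['ServiceName']
            ImagePath   = $data['ImagePath']
            StartType   = $data['StartType']
            Account     = $data['AccountName']
        }
    }

# 2) Current configuration of those services, if they still exist.
#    Match on Name or DisplayName, since either may appear in the event.
$names   = @($installed.ServiceName)
$current = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $names -contains $_.Name -or $names -contains $_.DisplayName } |
    Select-Object Name, State, StartMode, StartName, PathName

if ($installed) {
    $installed | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
    $current   | Format-Table -AutoSize -Wrap
} else {
    "No service installation (7045) recorded within $WindowMinutes minutes of $EventTime."
}
```

A 7045 entry with no matching service in the second table means the service was installed and later removed, which is worth noting during triage.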
Copyright 2025 Fortinet, Inc. All Rights Reserved.