This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DynamicShellCode - Event Log Service

I am getting hundreds of these error messages. Uninstalling and reinstalling Sophos hasn't helped.

What can I do to either stop these messages or fix the root cause?



This thread was automatically locked due to age.
Parents Reply Children
  • Thanks, but I've already read that link and it does nothing and says nothing, other than how to add an exception if there is an application using memory that regular applications do not. Clearly the Windows Event Viewer is a regular application, so I don't want to add an exception. That's a lazy way out that may be allowing a problem to occur without detection. If it was a useful article with troubleshooting steps to actually fix/resolve the issue, I wouldn't need to post on the forums.

    Threat analysis says nothing either, or again, I wouldn't be here. Says the Windows Event Service has an unknown reputation (I find that very hard to believe). SFC /scannow finds no integrity issues.

  • If you suspect this may be a false positive, installing the hotfix package for Intercept X may help. 

    If the detection is occurring consistently, it may help to run Process Monitor or Process Explorer on the device to gather additional details surrounding the execution of the wevtsvc.exe process.

    You can also try using the Live Discover query Sophos PID and reputation of all running processes as a starting point to run queries against the device to investigate further. 

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • After four days back and forth with Sophos Technical Support trying to get me to pay money to get it investigated, I managed to solve this problem myself.

    If anyone else comes across this error, the fix is to uninstall Sophos and reboot. Then download Norton Antivirus, the free "power eraser" from its website and it will get rid of the Malware with no problem whatsoever. You can then re-install Sophos and hope that next time it is about to clean the malware itself.