fshoster32.exe (F-Secure Host Process) is eating a lot of CPU without apparent reason
fshoster32.exe (F-Secure Host Process) is eating a lot of CPU without apparent reason... What is this process for? Is it a normal behavior? Could a malware be cloaked under this name?
Thanks in advance for your help!
did you set any Scheduled Scan? it may be because of that F-Secure is scanning.
first run a Full Computer Scan from Tools tab to make sure your System is Clean.
my F-Secure CPU Usage in Windows 10 Latest Update, is about 0.3%
it should not use a lot while you are in normal situations.
if this much usage continued, you need to wait till monday, start a Chat Support and they can check what is going on with Remote connection ( If Needed ).
Hope that helps6 1Like
thanks a lot for these details. I was not running a scheduled scan, therefore it could be something else. I will run a full scan with Malwarebytes to check if there is anything wrong.
A general question: could a malware be sufficiently advanced to modify F-Secure behavior, or even pretend to be F-Secure itself? This could be the ultimate threat.
What would be very convenient IMHO is that F-Secure provide a check of its own footprint, to make sure it is not itself corrupted. What do you think? Thanks in advance.
You are very welcome!
well the first thing a CyberSecurity Company need to do, is that to be able to Protect itself! or it's products ( we call it Self Protection )
so don't worry F-Secure is able to protect itself. did you install any new program this recently? it may be monitoring it because it's open and DeepGuard don't trust it. anyway, if this much usage take too long, start a chat support with F-Secure.
Thanks a lot Parham for this info! (I am a newbie in security issues.)
I will carefully check if there is anything strange in F-Secure Host Process behavior in the coming days (for the moment, everything looks fine) and will report anything serious to chat support.
Have a good week-end,
All (or most?!) of F-Secure services (files) should be signed.SpoilerI think that malicious software able try to "trick" users by using name most of popular services/processes, but most likely they do not able to trick about digital signed certs (they able, but it will be more hack, than trick). And if it will be like that - I think it should be large leak... so.. not common situation. And I think that F-Secure Analysts checking real-time situation as try brief detect such tricks.
There was knowledgebase-article: https://community.f-secure.com/t5/Common-topics/F-Secure-code-signing/ta-p/77546
Not sure - if it still actual about "cert"-data (not check it with my device) - but main meanings still there.
F-Secure also will check/validate own updates (and their downloading updates/hotfixes).
Also about F-Secure Host Process (fshoster) - there can be multiple number of them;
As example - some of this services/processes about scanning/updating flow (and runs as SYSTEM) ;
And all of F-Secure processes are required for proper work (designed view); And fshoster - as common/generic process - able to work for User Interface and most of other "meanings".
So disk-usage can be based on different points probably.
Except good point (which was noted there already) about scheduled scan (or other scanning) it can be during "updating" databases (as example - Aquarius-core); Usually it take "visible number of resources".
But should be just temporary.
And also there was topic about "potentially related meanings" with official response by F-Secure team:
Thanks Ukko for the feedback. I checked fshoster32.exe and its "Properties" say that its digital signature is valid (however exact SHA1, etc., numbers do not match with the one you provided).
What is strange is that fshoster32.exe has started behaving like this very recently. Is it a normal update process that runs periodically or something else?
Thanks in advance!
Some words as background to my answer:Spoiler
I also want to add that I'm also just F-Secure user and all of my words just as my suggestions (mainly based on my experience with using F-Secure security solutions and also based on some previously official replies by official F-Secure stuff under community; And also, of course, basically based on common sense);
So, certain answer able to give just official F-Secure stuff/teams. With previous replies there already good tips about contact direct support channels as phone or chat with meanings that they able to get some diag-logs and check situation. And points with potentially real-time scanning/protection (or on demand scanning) - which can be a potential reason..
And mainly it required if your experience about stable "too much" CPU usage.
"What is strange is that fshoster32.exe has started behaving like this very recently"
Do you mean common situation (as your topic) or during time, when you check digial signature?
With my systems usually can be about some fshosters (as User, as System, as Network).
And can be multiple fshoster32 (as F-Secure Host Process), which can be as "main provider" for User Interface, scanning/updating abilities, other features;
If there more fshoster32 (as it was under topic, which I noted with my previous reply) - maybe in somewhat reasons there crash for fshoster32 and it re-trigger fresh one (as "recovery" from crash-state);
So, there next meanings - when you access to F-Secure UI (any settings, Main UI or other) - one of fshoster32 will be with resource-usage (how long it "in action" or how often there some actions - so many resources can be in use);
If you run scanning (manuals can or scheduled scan) - one of fshoster32 will be with resource-usage based on certain scanning process.
Also there should be Real-time Protection (scanning) - so if there a lot of processes/services/executable files or files under the folder at access - it can increase resource-usage by fshoster.
And many other potential situations (include "updating" for databases, which with F-Secure will be about certain "time-delay" - each hour F-Secure trigger check if there available fresh updates. if yes - it will be downloading/processing/installing); With my experience I usually noted F-Secure "resource usage" just with Aquarius-updates (as main core and large database) - it can take one minute / three minutes. I mean with situation, when we do not run something as scanning (where expected high load and using system resources);
BUT with one of your replies you noted that "did full scan by Malwarebytes".
Usually (at least previous Malwarebytes builds) there can be words that it compatible with another security solutions and with F-Secure, but with my experience and machines (my desktops was usually with slow configuration and really limited with CPU/RAM) Malwarebytes will increase troubles under my system; And with installed F-Secure/Malwarebytes there was double using system resources.
It possible that with such software (as second security solution or potentially "active" software) F-Secure will be with more system resource using.
Because F-Secure should to check practically each action under system (monitoring, analysing, preventing and many other). Maybe you have experience about something of this.
If not (or if yes) - anyway how it was with good replies under your topic - most good step it contact F-Secure Support Channels directly (as chat or phone) --> because they able to check situation with required diagnostic logs. And they will see - if under your system something indeed wrong (or can be OK).
Sorry for my long reply!
Dear Ukko, thanks a lot for your feedback! Please do not worry for the length of your reply, it was perfectly fine.
F-Secure Host Process has calmed down now, after a reboot. I will see if it comes back again.
Regarding Malwarebytes, I am only using the free non real-time version of it, therefore I guess it is fine. My only real-time Internet security software is F-Secure.
I will definitely contact F-Secure support if this issue shows up in the coming days. Thanks again for your help.
My experience was also mainly about Malwarebytes not premium (but also some days with Trial-time Pro) - mainly because their "impact" to my systems was not an option (of course, with real-time feature it will increase potentially more). It was not actual builds - so my reply was just as suggestion that there can be some of "active" sofware under system (as example MBAM). I mostly noticed troubles during "network"-connection by Malwarebytes. And it also was with Google Chrome (take a lot of resources and as result F-Secure time to time triggered notification that "there trouble with protection" - because system overloaded).
But this my experience about such outdated system/hardware... that it already not just OS not supported, but hardware also not supported by most of actual software (F-Secure including); But when it was supported - F-Secure was practically one of security solutions, which not totally kill my system/machine and basically it was pretty nice experience (I tried/checked many of security solutions with this systems - randomly and specially); After this - F-Secure, of course, with a lot of changes - but I still think that they trying to do less impact for systems and did all steps with strong "quality"-system-guide.
There can be any other software, which able to perfom some actions under your system (and F-Secure detect it / monitor it); Or like if there can be "on-the-fly" creating/using files/resources. As example - fshoster also able to increase CPU usage while you trying to use Games.
Because that - F-Secure have option "Game/Gaming mode" (which will more friendly for system resources and other tweaks). And usually it properly work - if anyone noted that he have experience about fshoster-eating during game-experience.
I not noticed it certainly about Fshoster (but noticed system slowness) with recent time, but it can be that "Windows Update" (which with Windows 10 on current time "automatically" at the background) will trigger additional activities by fshoster (F-Secure monitoring/scanning); It was time to time previously as "possible" reason.
I also mean - that if you met this troublepoints else one time and if get some help from F-Secure Support. It will be quite useful and helpful - if you will back with "solution" (or explanation about reasons).
Thanks again Ukko. I will definitely report any explanation/solution!