For some reason in task manager I see 4 conhost.exe processes, I felt that's a little weird so I did some research, long story short I heard a good way to verify if they're legit would be to open their file location, if it's in system32 that's a step in the right direction, next thing to check would be digital signature, only one of the four processes actually opened to the file location, and it didn't have a digital signature, and one of the processes was actually lacking a description in task manager, here's some screen shots showing what I'm talking about:
Properties of conhost.exe as found via "Open file location" in task manager (If my little research is correct, if it has a digital signature there should be a digital signature tab there, which there isn't)
I tried ending the conhost that didn't have a description, yet for some reason I don't have access. Side note: I'm on the administrator account.
From what I've read, conhost is entirely harmless and intended to fix a problem that was on Vista related to dragging/dropping to console, yet the fact one of them has no description and is above Administrator privileges, and the only seemingly legit one is lacking a digital signature, just feels a bit odd.
EDIT: Okay did some searching in system32 to see if any of the .exe files had the digital signature tab, and none of the ones I checked have it, which is leading me to believe what I read was probably outdated and no longer correct. Checking in details, from the looks of it, it has a Microsoft copyright,
Edited by applesauce10189, 20 June 2015 - 10:22 PM.