The process was launched from C:\Program Files (x86)\Acer Bio Protection\EgisService.exe according to the PEB in the dump. The binary was signed by a certificate issued to Egis Technology Inc by Verisign.  Looking at my laptop services list, this turned out to be an autostart LocalSystem service named EgisTec Service with empty service description and a single direct dependency on another service called EgisTec Ticket Service.

It did not feel like this was malware but something to do with biometric authentication software on my laptop. Without further analysis of the process, it would be hard to categorically establish that this is a leak, however I felt confident in concluding that this was probably a leak3 in software licensed from Egis.

As nice a distraction this was, it was time to move on to what originally started all this, the BSOD.

1There may be a LogonUI.exe process running in session 0 at times.

2Perhaps because my uptime was lower for this run or my usage pattern had changed a bit.

3It is technically not a leak if the process has the handle tucked away and happened to not close it when process exited.

Tagged with →  
Share →

Leave a Reply

Your email address will not be published. Required fields are marked *

Looking for something?

Use the form below to search the site:


Still not finding what you're looking for? Drop us a note so we can take care of it!

Visit our friends!

A few highly recommended friends...

Set your Twitter account name in your settings to use the TwitterBar Section.