visual studio – ASP.NET web site on .NET 4.7.2 – what executable runs?


For .NET Framework, which is everything in the 4.x series and earlier, the executable is almost always w3wp.exe, usually in C:\Windows\System32\inetsrv, and it runs as part of the IIS web server.

This is not just your web site, but any .NET code running on that web server, meaning adding this to an allowlist can still be a much broader exemption than desired.

Starting with .NET Core, this is much less likely to remain true, and it’s more common for web sites to build into their own separate application.

Your web site may further load additional *.dll or other binary files, but exactly what that looks like depends on how the project/solution is built. At very least, examine your D:\mywebsite\bin folder and look at the .dll files there.


But if it were me, I would NOT use an allowlist for my site. When (not if, because everyone makes mistakes) we eventually push out a flaw in our code, if someone manages to take advantage in a way that lets them use or mimic malware on my server, I want to know about it as quickly possible.

Instead, I like my Test/QA/Staging environments to have the same antivirus protection as production and then ensure everything gets a good work-around and normal operation does not trigger detections in the first place.

Leave a Reply

Your email address will not be published. Required fields are marked *