Hxtsr.exe – a legitimate MS Outlook file that can be falsely detected as malicious by various security vendors
Hxtsr.exe is an executable file that belongs to the Microsoft Office applications for Windows operating systems and stands for Microsoft Outlook Communications. The purpose of the file is to establish the connection between Outlook 2013/2016 on user's computer and Microsoft servers. Because Hxtsr.exe operation invades path-based recognition rules, it can be often flagged up as a false positive by anti-malware software or firewall. However, in most cases, there is nothing to worry about, as it is highly unlikely that the executable has something to do with a malware infection. Despite of that, there are numerous claims on the Internet that Hxtsr.exe causes high CPU usage. In this case, users should reinstall Microsoft Office or make sure that all updates are downloaded and installed.
|Related to||Microsoft Office and MS Outlook applications|
|Location||Subfolder of C:\Program Files|
|Problems||Often detected as malicious by various AV vendors due to structural similarities to the virus|
|Programs flagging hxtsr.exe as unsafe||
|Elimination||Needed only if the executable is infected/replaced by malware|
Hxtsr.exe is used on Windows XP/7/8/10 machines, and its size varies between 31kB to 99kB. The file is located in a subfolder of C:\Program Files (for example C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7466.41167.0_x64__8wekyb3d8bbwe\HxTsr.exe).
While Hxtsr.exe is a legitimate process used by Outlook and MS Office applications, it is not an essential part of the Windows system. Therefore, Hxtsr.exe removal can be performed, although certain features of the mentioned applications might not work correctly. We suggest you leave the file running if malware has nothing to do with it.
Speaking of malware, several users reported that Hxtsr.exe was intercepting their bandwidth and was sending out a lot of information to the specified IP address. While the process might look suspicious, it might be legitimate, as Outlook is trying to connect to Microsoft's Outlook.com or Outlook.office365.com. Therefore, it is another reason to scan your machine with reputable anti-malware software and make sure that no viruses are involved.
Users who experience the following symptoms should be especially worried:
- Hxtsr.exe is not located in the subfolder of C:\Program Files;
- The computer works slowly;
- Applications crash or/and lag;
- Frequent error messages pop-up;
- The CPU usage is higher than usual;
Because many security programs are flagging the file as malicious, multiple users rushed forums of the security software used in order to find out what is going on, and why is the file is detected. Several AV vendors, including Panda, Avast and Malwarebytes agreed that the detection was indeed a false positive. Panda security wrote:
According to the screenshot its being bloked by the Application control protection
You can safely allow it as it belongs to Microsoft (Microsoft Outlook Communications)
Following these reports, the database of the anti-virus software was quickly updated, so those who have it up to date should not experience the Hxtsr.exe “virus” pop-up. Additionally, the file was canned with file-checking software via VirusTotal and returned no malicious entries.
Users also revealed that every time they update Windows operating system Hxtsr.exe file is being detected as malicious. This is due to the fact that the file is changing its location after each update; however, users do not have access to those folders. Therefore, if you are sure that Hxtsr.exe is not a virus, you can whitelist the file.
Some users complained that the file causes many issues, such as using too much memory, crashing the PC or even denying the access to Microsoft Outlook. This usually happens due to outdated Windows OS, so patching the system to the latest versions should fix Hxtsr.exe issues.
If problems persist, scan your device with Reimage – this computer repair software can fix most of the bugs on the system.
Malware can be disguised as any executable, so be wary
Computer viruses, depending on their purpose, are programmed so that the detection rate would be minimal. Therefore, any executable can be infected, replaced, or copied by malware, reducing the risk of users spotting the malicious file being active. For example, most users are familiar with the system32.exe file. However, it is known to be attacked by various trojan horses and making duplicates of the file.
Therefore, beware of malware infiltration techniques. We recommend the following precaution measures:
- Always update your software whenever security updates are released;
- Beware of phishing emails, as malicious code is often injected into the spam email attachments which can be enabled via the macro function. Better scan the attached file before attempting to open it. Additionally, cleverly hidden hyperlinks can lead users to malware-laden domains;
- Download and install reputable security software and keep it up to date. In most cases, anti-virus programs will block already known malware;
- Avoid downloading files from torrent and other file-sharing sites;
- Do not click on questionable links and pop-ups;
- Backup your system!
Eliminate Hxtsr.exe virus if necessary
As we already mentioned, Hxtsr.exe is a legitimate file, although not essential for the Windows operating system. If your anti-virus is flagging it as malware, make sure you check the location of the file. Additionally, users who use Panda, AVG or Norton are known to receive false positives when it comes to this executable.
Therefore, do not instantly come to conclusions, as problems with Hxtsr.exe might be related to an outdated system or be a false positive. However, scanning the device with multiple AV engines might be a good idea, because malware infection, although unlikely, is still possible.
To conclude, scan your machine, make sure the file is legitimate, and let it run. Alternatively, you can remove Hxtsr.exe file if you wish so. If security software indicated malware, make sure you get rid of it and then run Reimage for full system repair.