What is the purpose of the Windows registry key "Epoch"

1

Out of curiosity, what is the purpose of the registry key Epoch:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Epoch

enter image description here

My security software is warning me about the creation of this entry when running Python code (from IDE PyCharm) to open a file using Qt class QFileDialog:

from PyQt5.QtWidgets import QApplication, QFrame, QMainWindow, QWidget, QFileDialog


class Window(QWidget):

    def __init__(self, parent=None):
        super(Window, self).__init__(parent)
        self.show()
        dialog = QFileDialog(self, "Open File")
        dialog.setAcceptMode(QFileDialog.AcceptOpen)
        dialog.setFileMode(QFileDialog.ExistingFile)
        dialog.exec_()

def main():
    app = QApplication(sys.argv)
    _ = Window()
    status = app.exec_()
    sys.exit(status)


if __name__ == '__main__':
    main()

Process Monitor trace:

enter image description here

mins

Posted 2019-03-10T13:19:50.820

Reputation: 1 009

Is your Python code from a trusted source? Rootkits can cause this. – Michael Harvey – 2019-03-10T13:42:56.447

"My security software is warning me" - What is the warning? Please edit your question – Ramhound – 2019-03-12T20:24:02.040

Answers

1

The Epoch key represents the timestamp that the value was changed. The values within the SharedAccess key represent Windows Firewall preferences. This is why the specific keys are being flagged by your antivirus software.

shawn

Posted 2019-03-10T13:19:50.820

Reputation: 612

Thanks, so this key tells about when another change was done. Can we know which one? – mins – 2019-12-09T11:56:11.777

@mins Unfortunately, no. It's used as part of the automatic refresh of firewall options within the GUI and provides no other detail. – shawn – 2019-12-09T21:32:24.127

Asked: 2019-03-10T13:19:50.820

Viewed: 446 times

Active: 2019-12-09T04:03:55.893