The refusal I've encountered of even considering such a thing caught me off guard,
My first post got me banned from sevenforum three days after I registered for posting crap -claim- I think it was really when someone posted their services I mentioned what AVG has done is a crime - it's like 10 services now, I hit on a sponsor. It's been so long since I've used any av program but 8-10 services are too much for a program
This type of thing (CWX) comes in three phases, one the alert there might be a problem with xxx and what you or they found.
Two is verification that it is indeed it's not wanted. In this case I'm might know where I can get it, and if not be very disappointed in them.
Three what it really does as your findings are coming together and making since and
normally the removal and repair if needed.
I'm at three - I know all who have a CWX directory have sent a scan like I posted just with their cache files. It ran for 24 hours then left so less than 25 hours. Your protection didn't have time to get anything to you. So why even mention it. I know how I screwed up and it went from 500 to 7 K (it got sent), I know why I alone came across it. Pretty much any question about about it now I can answer, FWIW I fairly sure to a high degree what directory it used to hide it's activity, come on it's an easy one, considering what it sent. I know Microsoft didn't do this alone, a third party collected the config.xml files who? don't need to know, and I'm sure nobody else does either. but it's not over, expect this again as from the post I've read if you read this your one of the few who know what it did, Microsoft got away with it.
apk scores one here, he's not a spammer while the post are long even for me and overkill they can be much shorter (just tell me if my post are too long), he's really giving you a clue, if you just listen to what he supports above all - is better than anything else you can run then your close to understanding the clue.
And while I did everything right I did it wrong. 15 days after it's installation and still nobody knew what it really does was a red light for me and why I was removing it.
Oh and the fact I sent a scan to someone I could care less - I'm sure I've sent worse. My post were to alert u, but hell it happened over 10 days ago so my post were useless.
My protection: very old version of Comodo firewall, if it works as well has all this time it stays, what I know, HOSTS file and autoruns to tell me what I need to know.
would suggest you remove the CWX directory, even if it's other function is "prep you for an update" hell easier and to introduce you to the only tool you need (for most functions) just use autoruns and disable it,
An option is to: Hide Signed Microsoft Entries you can't trust them anymore I'd have those in the view. (unhide MS entries)