Just had this pop up on 9 machines running KES 10 10.2.6.3733 / 10.2.4.674 (out of approx. 440 in total).
Comes up as Trojan.Multi.Accesstr.a running in memory - advanced disinfection required, and it fails on all machines.
All machines reporting this started after 30/08/18 - 16:30GMT.
Upgrading infected machines to 10.3.0.6294 hasn't enabled disinfection, but none of our 10.3.0.6294 machines are so far infected.
Not being detected by any servers running 10.0.0.486 or 10.1.0.622.
We have a thorough description of the problem:
This verdict (Trojan.Multi.Accesstr.a) is used to detect files cmd.exe and powershell.exe which are kept in the system folder under different names.
In similar requests from customers we have encountered the following:
File C:\Windows\system32\sethc.exe is in fact cmd.exe, which can be used to gain unauthorized access to the system.
Because the original sethc.exe could not be found, the disinfection could not be performed correctl
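
A way to check a machine for the condition described in the reply above, as an added example that is not part of the thread and not Kaspersky's detection logic: it lists executables in the system folder that are copies of cmd.exe or powershell.exe under another name. It generalizes the sethc.exe case to every .exe in System32; the default file locations and the version-resource fallback are assumptions.

```powershell
# Added example (not from the thread). Requires PowerShell 4.0+ for Get-FileHash.
# Run from a 64-bit console so System32 is not redirected to SysWOW64.
$sys = Join-Path $env:SystemRoot 'System32'

# The two binaries named in the verdict description, at their default locations
# (assumed; adjust if the installation differs).
$refPaths = @(
    (Join-Path $sys 'cmd.exe'),
    (Join-Path $sys 'WindowsPowerShell\v1.0\powershell.exe')
) | Where-Object { Test-Path -LiteralPath $_ }

# SHA-256 of each reference binary -> its path.
$refHashes = @{}
foreach ($p in $refPaths) {
    $refHashes[(Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash] = $p
}

Get-ChildItem -LiteralPath $sys -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $refPaths -notcontains $_.FullName } |
    ForEach-Object {
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 `
                 -ErrorAction SilentlyContinue).Hash
        $orig = $_.VersionInfo.OriginalFilename
        $reason = $null

        if ($hash -and $refHashes.ContainsKey($hash)) {
            # Byte-for-byte copy of the cmd.exe/powershell.exe on this machine.
            $reason = "same SHA-256 as $($refHashes[$hash])"
        }
        elseif ($orig -like 'cmd.exe*' -or $orig -like 'powershell.exe*') {
            # Heuristic: a copy taken from another build has a different hash,
            # but its version resource still names the original file.
            $reason = "version resource says '$orig'"
        }

        if ($reason) {
            [pscustomobject]@{
                Path   = $_.FullName
                Reason = $reason
                SHA256 = $hash
            }
        }
    }
```

No output means no renamed copy was found in System32 itself; subfolders are not scanned.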