Hello,
System: Windows 10 x64 build 18362; KTS 19.0.0.1088 (f), databases 21 June 2019
GSI: https://www.getsysteminfo.com/report/579cc104e3548c2a460134d8b11d3a45
Today KTS is finding a threat in two Steganos Locknote executables - VHO:Trojan.Win32.Shelma.gen - and sends them to quarantine.
The contents of these Locknotes are not identical but there is a lot in common and neither Locknote has been updated in the last week, probably much longer.
I copied the contents to Notepad and scanned the txt file with KTS with no threat found. If I create a new Locknote with the contents of the txt file a threat is detected. During this process KTS is dealing with a tmp file in C:\Users\Controller\AppData\Local\Temp, which is, I assume, the temporary working file when the Locknote is decrypted.
A number of other Locknotes appear to work without problems and with no threats found.
Do you have any suggestions for a solution or workaround?
Thanks