Help pdm:trojan.win32.genautorunmssqlservercommandrun.a


Carlos Silva
Posted

Hi, I have this message in my small office; please see the attached image.

Regards,

Carlos Silva

Captura de ecrã 2023-05-10 102202.png

harlan4096
Posted

Looks like a false positive?

2 months later...
Posted

How can we solve it?

 

Event: Blocked
Application: SQL Server Windows NT - 64 Bit
User: NT AUTHORITY\SYSTEM
User type: System user
Component: System Watcher
Result description: Blocked
Type: Trojan
Name: PDM:Trojan.Win32.GenAutorunMsSqlServerCommandRun.a
Threat level: High
Object type: Process
Object path: C:\Program Files\Microsoft SQL Server\MSSQL10_50.ERBILNEW\MSSQL\Binn
Object name: sqlservr.exe
Databases release date: 27-07-2023 6:20:00 PM
MD5: 7396087F9212009B1B8FAC28C0B7B728

Posted

This could be a false positive, since sqlservr.exe seems to be a legit Microsoft file, but that detection is by behavior, so maybe it was something that was executed by that app. I would contact K. Support directly; they will be better able to collect traces on your case and better identify the possible threat.

Posted

Also, the root folder name created can trigger this. It may have gotten this description because different versions and customized names behave like malicious ones and run from a suspicious folder in execution.

In addition, a version that has received an update but has not been committed to the Kaspersky database may have similar false alarms.
If the software you are running does not want an old MSSQL version, be careful to install the current version as much as possible.

