Jump to content

Recommended Posts

Posted
Hello, I'm after some advice. We use KES 11.0.6499 pf5101 on our estate of around 800 Windows 10 devices. We also use this alongside Windows Defender Advanced Threat Protection. We have an instance of one device triggering a suspected false positive. This tends to happen without user intervention i.e. this threat occured outside of office hours when the user had simply logged off the machine and left it turned on for the day. I'm wondering if someone can confirm or provide clarification on this alert. Any advice would be appreciated Event type: A backup copy of the object was created Application\Name: Windows Defender Advanced Threat Protection Service Executable Application\Path: C:\Program Files\Windows Defender Advanced Threat Protection\ Application\Process ID: 4348 User: F4\xxxx (Active user) Component: File Threat Protection Result\Description: Backup created Result\Type: Adware Result\Name: not-a-virus:HEUR:AdWare.Script.SearchExt.gen Result\Threat level: Medium Result\Precision: Partially Object: C:\Users\xxxx\AppData\Local\Temp\7745a4f1-50e3-42fa-a4f0-3cda56888e0c.tmp Object\Type: File Object\Path: C:\Users\xxxx\AppData\Local\Temp\ Object\Name: 7745a4f1-50e3-42fa-a4f0-3cda56888e0c.tmp Hash: 94ba1af36e29fd4775e113a2e75dc3ed9e481695e067d967ad96daa2fb860b1a
Dmitry Parshutin
Posted
Hello, I'm after some advice. We use KES 11.0.6499 pf5101 on our estate of around 800 Windows 10 devices. We also use this alongside Windows Defender Advanced Threat Protection. We have an instance of one device triggering a suspected false positive. This tends to happen without user intervention i.e. this threat occured outside of office hours when the user had simply logged off the machine and left it turned on for the day. I'm wondering if someone can confirm or provide clarification on this alert. Any advice would be appreciated Event type: A backup copy of the object was created Application\Name: Windows Defender Advanced Threat Protection Service Executable Application\Path: C:\Program Files\Windows Defender Advanced Threat Protection\ Application\Process ID: 4348 User: F4\xxxx (Active user) Component: File Threat Protection Result\Description: Backup created Result\Type: Adware Result\Name: not-a-virus:HEUR:AdWare.Script.SearchExt.gen Result\Threat level: Medium Result\Precision: Partially Object: C:\Users\xxxx\AppData\Local\Temp\7745a4f1-50e3-42fa-a4f0-3cda56888e0c.tmp Object\Type: File Object\Path: C:\Users\xxxx\AppData\Local\Temp\ Object\Name: 7745a4f1-50e3-42fa-a4f0-3cda56888e0c.tmp Hash: 94ba1af36e29fd4775e113a2e75dc3ed9e481695e067d967ad96daa2fb860b1a
Hello! First of all you need to check target host to some advertising applications and extensions for browsers. Thank you!
Posted
Hello, I'm after some advice. We use KES 11.0.6499 pf5101 on our estate of around 800 Windows 10 devices. We also use this alongside Windows Defender Advanced Threat Protection. We have an instance of one device triggering a suspected false positive. This tends to happen without user intervention i.e. this threat occured outside of office hours when the user had simply logged off the machine and left it turned on for the day. I'm wondering if someone can confirm or provide clarification on this alert. Any advice would be appreciated Event type: A backup copy of the object was created Application\Name: Windows Defender Advanced Threat Protection Service Executable Application\Path: C:\Program Files\Windows Defender Advanced Threat Protection\ Application\Process ID: 4348 User: F4\xxxx (Active user) Component: File Threat Protection Result\Description: Backup created Result\Type: Adware Result\Name: not-a-virus:HEUR:AdWare.Script.SearchExt.gen Result\Threat level: Medium Result\Precision: Partially Object: C:\Users\xxxx\AppData\Local\Temp\7745a4f1-50e3-42fa-a4f0-3cda56888e0c.tmp Object\Type: File Object\Path: C:\Users\xxxx\AppData\Local\Temp\ Object\Name: 7745a4f1-50e3-42fa-a4f0-3cda56888e0c.tmp Hash: 94ba1af36e29fd4775e113a2e75dc3ed9e481695e067d967ad96daa2fb860b1a
Hello! First of all you need to check target host to some advertising applications and extensions for browsers. Thank you!
Hello, I believe that the most likely culprit was that the user was synchronising their personal google account with Google Chrome. We're in the process of initiating a full scan after disabling it and will update further if there is any known issues. Thanks,
Nikolay Arinchev
Posted
Hi, Thank you for that info! Please keep us updated!
Posted
Looks good so far. This can be closed now. Thanks for the suggestion!

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now


×
×
  • Create New...