SoCal_I.T.

Haven't seen this Detection Type Before, Please advise

Installed EAM onto a system, initial malware scan came back with zero results, ran another the following morning, and it came back with a Double Pulsar (this I'm familiar with) location OS Kernel (First time I've seen this myself) but I understand what that MIGHT mean.

I am NOT able to get any additional information at this time.

Screenshot attached

I'd like to believe this is some sort of False Positive?

I'm working with this system remotely, at this time, I don't have too many other options at the moment
until I am back on site where this computer is.

Thanks in advance for any and all input!

2 hours ago, SoCal_I.T. said:

> Double Pulsar (this I'm familiar with) location OS Kernel (First time I've seen this myself) but I understand what that MIGHT mean.

A DoublePulsar detection means two things:

  1. The patch for the EternalBlue exploit is not installed.
  2. The DoublePulsar exploit kit is actively being used to compromise the system.

All you have to do to resolve this issue is install the Windows Update that patches EternalBlue, and the easiest way to do that is just to open Windows Update manually and install all available updates (note that this may need to be done several times followed by a reboot each time).

17 minutes ago, JeremyNicoll said:

> A DoublePulsar detection means two things:

Do you mean that just one of these situations would be enough, or do both need to apply?

DoublePulsar can't actively exploit the EternalBlue vulnerability if the patch is installed, and EAM won't detect DoublePulsar if it is not actively being used on the system. The detection is essentially a warning that the system is under attack, and to get Windows Updates installed ASAP.
