SoCal_I.T.

Haven't seen this Detection Type Before, Please advise

Recommended Posts

Installed EAM onto a system, initial malware scan came back with zero results, ran another
the following morning, and it came back with a 

Double Pulsar (this i'm familiar with) location OS Kernel (First time i've seen this myself) but I understand
what that MIGHT mean.

I am NOT able to get any additional information at this time.

Screenshot attached

I'd like to believe this is some sort of False Positive?

I'm working with this system remotely, at this time, I don't have too many other options at the moment
until I am back on site where this computer is.

Thanks in advance for any and all input!

 

 

OS-Kernel Detection.PNG
Download Image

Share this post


Link to post
Share on other sites
2 hours ago, SoCal_I.T. said:

Double Pulsar (this i'm familiar with) location OS Kernel (First time i've seen this myself) but I understand what that MIGHT mean.

A DoublePulsar detection means two things:

  1. The patch for the EternalBlue exploit is not installed.
  2. The DoublePulsar exploit kit is actively being used to compromise the system.

All you have to do to resolve this issue is install the Windows Update that patches EternalBlue, and the easiest way to do that is just to open Windows Update manually and install all available updates (note that this may need to be done several times followed by a reboot each time).

Share this post


Link to post
Share on other sites
17 minutes ago, JeremyNicoll said:

> A DoublePulsar detection means two things:

Do you mean that just one of these situations would be enough, or do both need to apply?

DoublePulsar can't actively exploit the EternalBlue vulnerability if the patch is installed, and EAM won't detect DoublePulsar if it is not actively being used on the system. The detection is essentially a warning that the system is under attack, and to get Windows Updates installed ASAP.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.