Emsisoft flagged as Trojan in MS Defender

Hello All,
I'm currently seeing a client machine being flagged with multiple trojans under a reputable Emsisoft service. Any help and/or insight is appreciated.
Please see the output below.

C:\> Get-MpThreatDetection
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.2011.6
CleaningActionID               : 3
CurrentThreatExecutionStatusID : 1
DetectionID                    : {B596498A-D178-4AC4-9D31-CEA71081710C}
DetectionSourceTypeID          : 3
DomainUser                     : NT AUTHORITY\SYSTEM
InitialDetectionTime           : 12/21/2020 5:21:31 PM
LastThreatStatusChangeTime     : 12/21/2020 5:21:38 PM
ProcessName                    : C:\Program Files\Emsisoft Anti-Malware\a2service.exe
RemediationTime                : 12/21/2020 5:21:38 PM
Resources                      : {file:_C:\Windows\Temp\tmp00000268\tmp000684bc}
ThreatID                       : 2147757781
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 4
PSComputerName                 : 
6 hours ago, ITCARE said:


That looks like the sort of path BitDefender's scan engine uses when extracting the contents of archives during a scan. I recommend checking to see if Emsisoft Anti-Malware was running a scan at the time, and, if you can, try to verify what archive it was extracting at the time. You may need to run the scan manually on a machine where you are seeing these detections in order to identify which file is being scanned when these detections occur.

Note that if Emsisoft Anti-Malware is configured to scan inside mail archives, the BitDefender engine will extract those to the TEMP folder as well.

An alternative is to disable whatever other protection is on the workstations where this is happening to see if Emsisoft Anti-Malware detects the files rather than the other software. If it does detect them, then that will make it easier for you to identify which archive contains the files being detected. If it doesn't detect them, then that could indicate a false positive on the part of the other software that's detecting them.

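The triage the reply describes, as an added example of my own (not code from the thread, Emsisoft or Microsoft): it pulls the Defender detections whose detecting process is a2service.exe and whose resource path is under the Windows Temp extraction folder seen in the posted output, resolves each ThreatID to a name, and counts Defender's own 1116/1117 events around that time. The temp-path layout and the two-minute event window are assumptions.

```powershell
# Added example, not code from the forum thread or from Emsisoft/Microsoft.
# Process path is taken from the posted Get-MpThreatDetection output; the
# temp-folder layout and the +/- 2 minute event window are assumptions.
# Run in an elevated PowerShell on the affected machine.

$scannerProcess = 'C:\Program Files\Emsisoft Anti-Malware\a2service.exe'
$tempPattern    = '^file:_C:\\Windows\\Temp\\tmp[0-9a-f]+\\'   # assumed: <hex>\<hex> layout as posted

# Keep only detections raised against the scanner process on a scan-time temp file
$hits = Get-MpThreatDetection | Where-Object {
    $_.ProcessName -eq $scannerProcess -and
    @($_.Resources | Where-Object { $_ -match $tempPattern }).Count -gt 0
}

foreach ($hit in $hits) {
    # Map the numeric ThreatID to Defender's threat name and severity
    $threat = Get-MpThreat -ThreatID $hit.ThreatID -ErrorAction SilentlyContinue

    # Defender's own detection events (1116 = malware detected, 1117 = action taken)
    # around the detection time; their messages carry the detection name and path
    $t0 = $hit.InitialDetectionTime
    $events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1116, 1117
        StartTime = $t0.AddMinutes(-2)
        EndTime   = $t0.AddMinutes(2)
    }

    [pscustomobject]@{
        Detected      = $t0
        ThreatID      = $hit.ThreatID
        ThreatName    = $threat.ThreatName
        SeverityID    = $threat.SeverityID
        TempResources = ($hit.Resources -join '; ')
        DefenderEvts  = @($events).Count
        # The temp file is a scan-time extraction artifact; the archive it came from
        # still has to be identified by rerunning the Emsisoft scan, as the reply advises
        Assessment    = 'Scanner-extracted temp file; identify the source archive before acting'
    }
}
```

A row whose ThreatName resolves but whose TempResources only ever point under the Temp folder is consistent with the archive-extraction explanation above; the source archive itself is what needs to be located and checked.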