
Emsisoft flagged as Trojan in MS Defender



Hello All,
I'm currently seeing a client machine being flagged with multiple trojans under a reputable Emsisoft service. Any help and/or insight is appreciated.
Please see the output below.
 

C:\> Get-MpThreatDetection
ActionSuccess                  : True
AdditionalActionsBitMask       : 0
AMProductVersion               : 4.18.2011.6
CleaningActionID               : 3
CurrentThreatExecutionStatusID : 1
DetectionID                    : {B596498A-D178-4AC4-9D31-CEA71081710C}
DetectionSourceTypeID          : 3
DomainUser                     : NT AUTHORITY\SYSTEM
InitialDetectionTime           : 12/21/2020 5:21:31 PM
LastThreatStatusChangeTime     : 12/21/2020 5:21:38 PM
ProcessName                    : C:\Program Files\Emsisoft Anti-Malware\a2service.exe
RemediationTime                : 12/21/2020 5:21:38 PM
Resources                      : {file:_C:\Windows\Temp\tmp00000268\tmp000684bc}
ThreatID                       : 2147757781
ThreatStatusErrorCode          : 0
ThreatStatusID                 : 4
PSComputerName                 : 
6 hours ago, ITCARE said:

C:\Windows\Temp\tmp00000268\tmp000684bc

That looks like the sort of path BitDefender's scan engine uses when extracting the contents of archives during a scan. I recommend checking to see if Emsisoft Anti-Malware was running a scan at the time, and if you can try to verify what archive it was extracting at the time. You may need to run the scan manually on a machine where you are seeing these detections in order to identify which file is being scanned when these detections occur.

Note that if Emsisoft Anti-Malware is configured to scan inside mail archives, the BitDefender engine will extract those to the TEMP folder as well.

An alternative is to disable whatever other protection is on the workstations where this is happening to see if Emsisoft Anti-Malware detects the files rather than the other software. If it does detect them, then that will make it easier for you to identify which archive contains the files being detected. If it doesn't detect them, then that could indicate a false positive on the part of the other software that's detecting them.

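The reply above describes a manual procedure: confirm the detections line up with an Emsisoft scan, then work out which archive the engine was unpacking. The following PowerShell is an added example written for this thread (it is not Emsisoft's or Microsoft's code) that automates the first half on the affected workstation. It assumes an elevated session with the Defender module available, that the Defender operational event log has not been cleared, and that the temp path pattern from the posted output (tmp<8 hex>\tmp<8 hex> under C:\Windows\Temp) holds for the other detections; the tolerance of five minutes around the scan window is an arbitrary choice.

```powershell
# Added example for this thread, not code from Emsisoft or the original poster.
# Assumptions: run elevated on the affected machine; Defender cmdlets present;
# the temp extraction path pattern is the one seen in the posted detection.

# 1. Pull every Defender detection where the acting process was Emsisoft's
#    service and the flagged resource sits in the engine's temp extraction tree.
$pattern = '^file:_C:\\Windows\\Temp\\tmp[0-9a-f]{8}\\tmp[0-9a-f]{8}$'
$hits = Get-MpThreatDetection | Where-Object {
    $_.ProcessName -like '*\Emsisoft Anti-Malware\a2service.exe' -and
    ($_.Resources | Where-Object { $_ -match $pattern })
}

if (-not $hits) {
    Write-Host 'No Defender detections attributed to a2service.exe temp extraction.'
    return
}

# 2. Resolve each numeric ThreatID to the signature name Defender fired on,
#    so the detections can be compared with whatever Emsisoft reports.
$hits | ForEach-Object {
    $threat = Get-MpThreat -ThreatID $_.ThreatID -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Time       = $_.InitialDetectionTime
        ThreatID   = $_.ThreatID
        ThreatName = $threat.ThreatName
        Resource   = ($_.Resources -join '; ')
    }
} | Sort-Object Time | Format-Table -AutoSize

# 3. The temp copies are gone by the time anyone looks, so bracket the
#    detection timestamps to get the window in which the scan was running.
#    That window is what to compare against the Emsisoft scan log to find
#    the archive (or mail store) being unpacked at the time.
$sorted = $hits | Sort-Object InitialDetectionTime
$first  = $sorted[0].InitialDetectionTime
$last   = $sorted[-1].InitialDetectionTime
Write-Host ("Detections span {0} to {1}" -f $first, $last)

# 4. Defender's event 1116 (malware detected) records the same path and
#    process; pulling it for the window gives a second, timestamped record
#    to line up with the scan log.
Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116
    StartTime = $first.AddMinutes(-5)
    EndTime   = $last.AddMinutes(5)
} | Select-Object TimeCreated, Message | Format-List
```

The script only narrows the time window and names the signatures; identifying the archive still means matching that window against Emsisoft's own scan log or re-running the scan by hand as the reply suggests. Resist the temptation to exclude C:\Windows\Temp in Defender as a fix: that directory is used by far more than the scan engine.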
