cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
kblowe
Level 11
Report Inappropriate Content
Message 1 of 5
2 weeks ago

Malware detected - false positive

Hello,

ENS On-Access Scans (OAS) and On-Demand Scans (ODS) are triggering that "GenericRXWE-OT!2210F62E6B5A" is detecting software in C:\Windows\cmcache\ as Malware Detected on many Windows Server operating systems. We are on the latest ENS 10.7.0 April 2023 Update Repost. I have made exclusions to exclude the directory from OAS & ODS and did a quarantine restore. But the detection keeps occuring for On-Access Scan.

Its clearly a false positive. What can be done about this?

 

Reply
4 Replies
Daveb3d
MVP
Report Inappropriate Content
Message 2 of 5
2 weeks ago

Re: Malware detected - false positive

Using low/high risk processes? That might impact your exclusion.  

Is ccmexec.exe the accessing process? If so, better to set that as a low risk process than exclude the folder, and then don't scan low risk processes. 

0 Kudos
Reply
kblowe
Level 11
Report Inappropriate Content
Message 3 of 5
2 weeks ago

Re: Malware detected - false positive

Yes using low/high risk processes.

The file in the directory is setup.exe being deleted from malware/torjan majority of the time.

I don't want to exclude setup.exe, because that will allow setup.exe from any application/software.

Not to mention this all started on 6/30/2023 and we haven't had this problem before.

I take its something with the AMCore update that triggered this the GenericRXWE-OT!2210F62E6B5A detection.

0 Kudos
Reply
Daveb3d
MVP
Report Inappropriate Content
Message 4 of 5
a week ago

Re: Malware detected - false positive

I would just submit it to Trellix as a false positive.  

0 Kudos
Reply
kblowe
Level 11
Report Inappropriate Content
Message 5 of 5
a week ago

Re: Malware detected - false positive

Yup i'm going to do that, becasue I was able to do a ENS restore from quarantine, but on a few servers it continues to happen. thanks.

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC