In our environment I seem to have an ongoing issue with virus alerts being triggered under specific circumstances. The malware notice is as follows:
Threat Category: Malware detected
Threat Type: Potentially Unwanted Program
Threat Name: Susp Attachment!chm
Threat Severity: Critical
Threat Event ID: 1027
File Infected: C:\Users\redacted\AppData\Local\Temp\hpcEN114.chm
Event Description: Infected file deleted.
Threat Handled: True
Detection Method: On-Access Scan
Detection UTC Time: 03/15/23 13:23:23 UTC
Received UTC Time: 03/15/23 13:27:11 UTC
Source Process: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
The way these alerts are triggered is always when the user is using Outlook, opens an attachment, and tries to print the attachment.
Research leads me to believe the .chm file is an HP printer help file that is detected as potentially malicious.
The HP printers installed for these users range in models, but I have been unable as of yet to confirm if they are all using a similar version of an HP universal driver.
Has anyone dealt with this issue in the past, or does anyone have any insight?