cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
User84466004
Level 7
Report Inappropriate Content
Message 1 of 2
‎03-15-2023 10:29 AM

hpcEN114.chm false positive?

In our environment I seem to have an ongoing issue with virus alerts being triggered under specific circumstances. The malware notice is as follows:

Threat Category: Malware detected

Threat Type: Potentially Unwanted Program

Threat Name: Susp Attachment!chm

Threat Severity: Critical

Threat Event ID: 1027

File Infected: C:\Users\redacted\AppData\Local\Temp\hpcEN114.chm

Event Description: Infected file deleted.

Threat Handled: True

Detection Method: On-Access Scan

Detection UTC Time: 03/15/23 13:23:23 UTC

Received UTC Time: 03/15/23 13:27:11 UTC

DAT: 5101.0

Source Process: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

 

The way these alerts are triggered is always when the user is using Outlook, opens an attachment, tries to print the attachment.

Research leads me to believe the .chm file is an HP printer help file that is detected as potentially malicious.

The HP printers installed for these users range in models but I have been unable as of yet to confirm if they are all using a similar version of a HP universal driver.

Has anyone dealt with this issue in the past or have any insight?

0 Kudos
Reply
1 Reply
ueno
Employee
Employee
Report Inappropriate Content
Message 2 of 2
‎03-15-2023 06:01 PM

Re: hpcEN114.chm false positive?

Hi @User84466004,

Although we could not immediately confirm the information on the file detected in this case, it is possible that it is a false positive if it is a file used in an HP printer, but we need to analyze it once in our lab to accurately determine if it is a false positive or not.

Therefore, if you need to determine for sure whether a detected file is malware or not, please submit a service request for analysis.

Please refer to the following KB for instructions on how to send detected files to us.

[Submit potential false positives from the product or through GTI to Trellix Advanced Research Center]

https://kcm.trellix.com/corporate/index?page=content&id=KB85567

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC