BobSoul

Everything posted by BobSoul

  1. Also note that these are not all on the same networks (2 machines only on the same network), the rest on different networks, not connected. Total 5 machines. All using the same endpoint software
  2. No other exploit detections or blocks are shown beyond this file detection - rescans come up clean after...
  3. It does appear to be machines with older installers on it .... The machines that have a more current installer do not detect... so I am wondering if it's the older versions possibly causing the detections.
  4. The (1) in the file name is because there are two files from updating the version a few months back, so I know it was downloaded on this machine 2x
  5. It was another file name but here it is D3E772470CD9EDB1EE058FCCE4AC713414E37974975551D266189A8E369787A7 { "applicationVersion" : "3.8.5.2971", "chromeSyncResetQueryRequested" : false, "chromeSyncResetQueryResult" : false, "clientID" : "Endpoint Agent:ee1b5ffb-681f-4848-9e20-9859a07ecb29", "clientType" : "agentScan", "componentsUpdatePackageVersion" : "1.0.651", "cpu" : "x64", "dbSDKUpdatePackageVersion" : "1.0.17296", "detectionDateTime" : "2020-07-27T19:56:09Z", "fileSystem" : "NTFS", "id" : "3762537d-d043-11ea-a796-a41f728
  6. I just looked and that machine does not have that scan result file any longer; it has all the ones before and after, though
  7. I have looked at the file and it is the Macrium Reflect install file so far on each machine. Been trying to determine if it's a certain update version of the file or not, because this just started Sunday night and last night.. depending when each machine ... Let me see if I can get that file off one of the machines that detected it.
  8. Scan Log Details Endpoint name: Jerryofficewin8 Scan date and time: 07/27/2020 3:56:09 PM Version: 3.8.5.2971 Component package version: 1.0.651 Protecti
  9. I have had several machines using endpoint protection... keep detecting Reflectdl.exe as the Emotet trojan, when in fact I know this file is the Macrium Reflect download installer. The location of the file is correct (c:\users\username\downloads\). I'm assuming this is a false detection and I have been seeing it only on machines which have the installer and Macrium Reflect installed on. Just looking for a confirmation and to make you aware of the false detection.