bkd_rage

  1. I have been experiencing several Windows Defender detections like the one below where every single time I trace the process pid in the Defender event it traces back to one of the Malwarebytes ig.exe processes. I understand that process IDs get reused, but I have seen this occurring on several systems and the pid always ties back to an ig-#.exe process. I have also checked the hashes and they are all digitally signed with 0 detections and this is occurring with different Security intelligence versions. Is anyone else experiencing this?

     Example process names:

     C:\Program Files\Malwarebytes\Anti-Malware\ig-17.exe
     C:\Program Files\Malwarebytes\Anti-Malware\ig-5.exe
     C:\Program Files\Malwarebytes\Anti-Malware\ig-19.exe

     Example event:

     Name: Behavior:Win32/PowEmotet.SB
     ID: 2147805329
     Severity: Severe
     Category: Suspicious Behavior
     Path: behavior:_pid:5276:82135149762278; process:_pid:5276,ProcessStart:132827990610065328
     Detection Origin: Unknown
     Detection Type: Concrete
     Detection Source: System
     User:
     Process Name: Unknown
     Action: Not Applicable
     Action Status: No additional actions required
     Error Code: 0x00000000
     Error description: The operation completed successfully.
     Security intelligence Version: AV: 1.353.2078.0, AS: 1.353.2078.0, NIS: 1.353.2078.0
     Engine Version: AM: 1.1.18700.4, NIS: 1.1.18700.4

     Hash & VT results: https://www.virustotal.com/gui/file/6170b82019bee18ba159d967336a671fcf31f66aad00c90e8ae892046810020a
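
An added example, not part of the original post: the Path field of the event carries a ProcessStart value next to the PID, so a PID can be tied to one specific process instance instead of relying on the PID alone, which is how PID reuse is ruled in or out. It assumes ProcessStart is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC); the function names and the process records are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumption: ProcessStart is a Windows FILETIME (100 ns ticks since 1601-01-01 UTC).
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
PATH_RE = re.compile(r"process:_pid:(\d+),ProcessStart:(\d+)")

# Path value quoted in the post above.
SAMPLE_PATH = ("behavior:_pid:5276:82135149762278; "
               "process:_pid:5276,ProcessStart:132827990610065328")

# Constructed process-creation records (hypothetical image names), such as an
# export from process-creation auditing; two of them share PID 5276.
CONSTRUCTED_PROCS = [
    {"pid": 5276, "image": r"C:\example\first.exe",
     "start": datetime(2021, 12, 1, 2, 24, 21, tzinfo=timezone.utc)},
    {"pid": 5276, "image": r"C:\example\second.exe",
     "start": datetime(2021, 12, 1, 9, 10, 0, tzinfo=timezone.utc)},
    {"pid": 4100, "image": r"C:\example\third.exe",
     "start": datetime(2021, 12, 1, 2, 24, 21, tzinfo=timezone.utc)},
]

def filetime_to_utc(ticks):
    """Convert FILETIME ticks to an aware UTC datetime (microsecond precision)."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def parse_behavior_path(path):
    """Return (pid, start_time_utc) from a Defender behavior Path string."""
    m = PATH_RE.search(path)
    if m is None:
        raise ValueError("Path has no process:_pid/ProcessStart token")
    return int(m.group(1)), filetime_to_utc(int(m.group(2)))

def match_process(path, procs, tolerance_s=2.0):
    """Keep only records whose PID and start time both match the event."""
    pid, started = parse_behavior_path(path)
    return [p for p in procs if p["pid"] == pid
            and abs((p["start"] - started).total_seconds()) <= tolerance_s]

if __name__ == "__main__":
    pid, started = parse_behavior_path(SAMPLE_PATH)
    print(pid, started.isoformat())
    for p in match_process(SAMPLE_PATH, CONSTRUCTED_PROCS):
        print("match:", p["image"])
```

A record that matches on PID but not on start time is a later reuse of the same PID and can be excluded from the investigation.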