
Hitman Pro hmpalert.exe false positive listed as Trojan.Dridex


AdamPilat

Malwarebytes detected hmpalert.exe as malware, listed as Trojan.Dridex. The service has been running on servers and desktops for months as part of Sophos Intercept X Advanced. Verified the detected file has the same version, hash, and signature. Saw older tickets where the same service triggered false positives in 2016. Support said it was resolved, but it does not appear to be.

2020-06-22_11-44-16.jpg

2020-06-22_12-06-19.jpg


Cli,

I added an exception for the file. What is odd is that it triggered a quarantine only on Windows servers, not on any workstations. It also only triggered on 3 of 9 servers on completely different networks with no interconnectivity. I removed the exception and tried a right-click scan, and it found nothing. I will leave the exception off and see if it quarantines them again. All of the events occurred on 6/12 between 04:07 AM and 05:46 AM. See attached photo. Thanks.

2020-06-22_14-33-20.jpg

2020-06-22_14-35-34.jpg
