False positive DesktopCentral

[fittan]

Hi, I received a ton of notifications this morning (3 AM EST) that a file in my DesktopCentral agent (by ManageEngine) is a malware. Can someone confirm if this a false positive or not? Thanks.

Malware.AI.28863885

Quarantined

C:\PROGRAM FILES (X86)\DESKTOPCENTRAL_AGENT\BIN\MDMREGISTRATIONHANDLER_64.EXE

[miekiemoes]

Hi,

Please zip and attach the detected file together with the full detection log, as we can't do much with above detection line only.

Thanks!

[fittan]

mdmregistrationhandler.zip

Attached is the zipped detected file. How can I generate full detection log? I am running Malwarebytes Endpoint Nebula.

On the client, there's only option to "Start thread scan". There is no tabs, or any options to pull log. 

On the server (cloud.malwarebytes.com), I also can't find any option to pull log.

Please advise. Thanks.

[miekiemoes]

Hi,

The file only should basically be ok though.

however, you attached the wrong file, so it seems, as I need the MDMREGISTRATIONHANDLER_64.EXE file (in this case, you attached the mdmregistrationhandler.exe file, where I can't reproduce detection on)

So can you check again for the MDMREGISTRATIONHANDLER_64.EXE file located in the C:\PROGRAM FILES (X86)\DESKTOPCENTRAL_AGENT\BIN\ folder? (I assume you have unquarantined the file first, as this is most probably a false positive).

Thanks!

[fittan]

My bad.mdmregistrationhandler_64.zip...attached should be the correct file. 

[miekiemoes]

Thanks! This should no longer be detected anymore.

[fittan]

Thanks!