DavidLamm Posted March 21, 2022 ID:1507923

A component of our software is being flagged as a malware exploit. It was reported to us by a customer at Metrowest Medical Center.

File name: zzzPATViewer.exe
Install path: %localappdata%\CloudPATio\DeviceHandlers\zzzPATViewer

This is a component of CPIO, our helper application that allows people to view/edit raw sleep study data.

https://www.virustotal.com/gui/file/81d7a15189e4c9f5db5296bef86375adf54ed138d9c5ee2ebc492ff67f69f067?nocache=1
https://www.virustotal.com/gui/file/917473825b71e682642738db1696458277ec4294d550b0e1ceff5889fd2e58e3

What other info do you require to remove this false positive?

Best,
David Lamm
cli (Staff) Posted March 21, 2022 ID:1507931

Do you have logs from the detection? You can find directions in "Upload Malwarebytes Support Tool logs offline". Thanks.
DavidLamm (Author) Posted March 21, 2022 ID:1507933

I don't have logs. We are the developers of this software, and it was reported to our customer support desk. Is that required? It might take a while to acquire these logs. The end user will need to contact their own IT department, who will likely have to contact their security team...
cli (Staff) Posted March 21, 2022 ID:1507937

I see. Do you know the exact detection name?
DavidLamm (Author) Posted March 25, 2022 ID:1508522

-Log Details-
Protection Event Date: 3/24/22
Protection Event Time: 8:27 PM
Log File: 4c98ec8a-abd2-11ec-a6c7-1c697a1bc89c.json

-Software Information-
Version: 4.5.4.168
Components Version: 1.0.1599
Update Package Version: 1.0.52808
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1586)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \K cd C:\Users\diazi\AppData\Local\CloudPATio & run.bat, Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \K cd C:\Users\diazi\AppData\Local\CloudPATio & run.bat
URL:

(end)
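For anyone triaging a detection like the one above, the useful fields are buried in one long comma-separated record: which protected application the behaviour layer was guarding, which process image was blocked, what that process was told to run, and where on disk that points. The following parser is an added example, not code from Malwarebytes or from the CloudPATio vendor; the log text it runs on is the block pasted in the post above, and the "is this under the vendor's documented %LOCALAPPDATA%\CloudPATio location" check is this example's own assumption based on the install path given in the first post. The pasted log shows the cmd.exe switch as `\K`; cmd's real switch is `/K`, so the chain splitter accepts either slash.

```python
"""Parse a Malwarebytes 'Protection Event' log block and extract what a responder
needs to triage an Application Behavior Protection detection.
Added example, not Malwarebytes or CloudPATio code. SAMPLE_LOG is copied from
the forum post; the triage rules in triage() are this example's assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SAMPLE_LOG = r"""-Log Details-
Protection Event Date: 3/24/22
Protection Event Time: 8:27 PM
Log File: 4c98ec8a-abd2-11ec-a6c7-1c697a1bc89c.json

-Software Information-
Version: 4.5.4.168
Components Version: 1.0.1599
Update Package Version: 1.0.52808
License: Premium

-System Information-
OS: Windows 10 (Build 19043.1586)
CPU: x64
File System: NTFS
User: System

-Exploit Details-
File: 0
(No malicious items detected)

Exploit: 1
Malware.Exploit.Agent.Generic, C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \K cd C:\Users\diazi\AppData\Local\CloudPATio & run.bat, Blocked, 0, 392684, 0.0.0, ,

-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \K cd C:\Users\diazi\AppData\Local\CloudPATio & run.bat
URL:

(end)
"""

SECTION_RE = re.compile(r"^-(?P<name>[^-].*?)-$")          # "-Exploit Data-"
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+): ?(?P<value>.*)$")  # "Key: Value"
# One detection record: <detection name>, <image + command line>, <action>, <numeric tail>
RECORD_RE = re.compile(r"^(?P<name>[A-Za-z.]+), (?P<cmdline>.+?), (?P<action>[A-Za-z]+), (?P<tail>.*)$")


@dataclass
class Detection:
    name: str           # detection name, e.g. Malware.Exploit.Agent.Generic
    image: str          # image path of the blocked (child) process
    cmdline: str        # its command line, minus the leading image path
    action: str         # Blocked / Quarantined / ...
    affected_app: str   # application the protection layer was guarding
    layer: str
    technique: str


def parse_log(text: str) -> Tuple[Dict[str, Dict[str, str]], List[str]]:
    """Split the log into '-Section-' dicts of Key: Value pairs; return detection
    record lines (those that are not Key: Value but match RECORD_RE) separately."""
    sections: Dict[str, Dict[str, str]] = {}
    records: List[str] = []
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line or line == "(end)":
            continue
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group("name")
            sections[current] = {}
            continue
        if current is None:
            continue
        kv = KV_RE.match(line)
        if kv:
            sections[current][kv.group("key")] = kv.group("value")
        elif RECORD_RE.match(line):
            records.append(line)
    return sections, records


def parse_detection(text: str) -> Optional[Detection]:
    """Build a Detection from the first record plus the '-Exploit Data-' section."""
    sections, records = parse_log(text)
    if not records:
        return None
    m = RECORD_RE.match(records[0])
    # The record repeats the image path before the command line; assumes no spaces in it.
    image, _, cmdline = m.group("cmdline").partition(" ")
    data = sections.get("Exploit Data", {})
    return Detection(name=m.group("name"), image=image, cmdline=cmdline,
                     action=m.group("action"),
                     affected_app=data.get("Affected Application", ""),
                     layer=data.get("Protection Layer", ""),
                     technique=data.get("Protection Technique", ""))


def split_cmd_chain(cmdline: str) -> List[str]:
    """Commands cmd.exe was asked to run: text after its /K or /C switch (the pasted
    log shows '\\K', so either slash is accepted), split on the '&' chaining operator."""
    m = re.search(r"(?i)\s[\\/](?:K|C)\s+(?P<cmds>.*)$", cmdline)
    if not m:
        return []
    return [c.strip() for c in m.group("cmds").split("&") if c.strip()]


def triage(det: Detection, vendor_dir: str = "CloudPATio") -> Dict[str, object]:
    """Working directory set with 'cd', script run, and whether the directory is the
    vendor's documented per-user location %LOCALAPPDATA%\\<vendor_dir> (assumption)."""
    chain = split_cmd_chain(det.cmdline)
    workdir = next((c[3:].strip() for c in chain if c.lower().startswith("cd ")), "")
    script = next((c for c in chain if c.lower().endswith((".bat", ".cmd"))), "")
    vendor_re = re.compile(r"(?i)\\AppData\\Local\\" + re.escape(vendor_dir) + r"(\\|$)")
    return {"parent": det.affected_app, "child_image": det.image, "workdir": workdir,
            "script": script, "in_vendor_dir": bool(vendor_re.search(workdir)),
            "action": det.action}


if __name__ == "__main__":
    d = parse_detection(SAMPLE_LOG)
    print(d)
    print(triage(d))
```

The point of `triage()` is to turn the record into the three facts a support engineer actually compares against the vendor's claim: the blocked child is cmd.exe, it was launched with /K to run run.bat, and the working directory is the vendor's documented %LOCALAPPDATA%\CloudPATio folder. Anything outside that folder, or a different script name, would be a reason not to treat the event as a false positive.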
Porthos Posted March 25, 2022 ID:1508545

2 hours ago, DavidLamm said:

    Exploit: 1
    Malware.Exploit.Agent.Generic, C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \K cd C:\Users\diazi\AppData\Local\CloudPATio & run.bat, Blocked, 0, 392684, 0.0.0, ,

    -Exploit Data-
    Affected Application: cmd
    Protection Layer: Application Behavior Protection
    Protection Technique: Exploit payload process blocked
    File Name: C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe \K cd C:\Users\diazi\AppData\Local\CloudPATio & run.bat
    URL:

Please turn off the following non-default setting and click Apply.
DavidLamm (Author) Posted March 28, 2022 ID:1508902

The customer is claiming this is already turned off. Is there another way for them to whitelist our application or exclude this directory?