
False Positive on Heidelberg Engineering Software Still


BobSoul

Recommended Posts

I had this happen a few weeks ago and it was corrected, but once again it is detecting the software, this time other files in the program folder.

 

  • Category: Malware
  • Group name: NF
  • Public endpoint IP: 
  • Endpoint name: 
  • OS platform: Windows
  • OS release name: Microsoft Windows 10 Home
  • Location: C:\PROGRAMDATA\{54EBF5CA-E498-4C12-9E66-E1831EEFE584}\SPECTRALIS.EXE
  • Policy name: 
  • Report time: October 7th 2022, 14:13:22 UTC
  • Scan time: October 7th 2022, 14:01:01 UTC
  • Action taken: Quarantined
  • Threat name: Malware.Sandbox.1
  • Type: file
  •  
  • Category: Malware
  • Group name: 
  • Public endpoint IP: 
  • Endpoint name: 
  • OS platform: Windows
  • OS release name: Microsoft Windows 10 Home
  • Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{999594F7-3B8F-45A7-9DCA-7C3EF1287CB0}
  • Policy name: 
  • Report time: October 7th 2022, 14:13:22 UTC
  • Scan time: October 7th 2022, 14:01:01 UTC
  • Action taken: Quarantined
  • Threat name: Malware.Sandbox.1
  • Type: reg_key
  •  
  • Category: Malware
  • Group name: 
  • Public endpoint IP: 
  • Endpoint name: 
  • OS platform: Windows
  • OS release name: Microsoft Windows 10 Home
  • Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Heidelberg SPECTRALIS Software
  • Policy name: 
  • Report time: October 7th 2022, 14:13:22 UTC
  • Scan time: October 7th 2022, 14:01:01 UTC
  • Action taken: Quarantined
  • Threat name: Malware.Sandbox.1
  • Type: reg_key

I wasn't in the office today to get the diag files or the exe file... I won't be able to until we reopen on Monday, since the machine is now turned off. However, the following threads show the history of these detections, with links to the previous ones as well in the same post.

 

 


I did just check the Nebula dashboard and they do not appear in the quarantine list, though the scan on the endpoint shows they were quarantined... maybe because the endpoint is offline, or was it fixed since this morning and the files not actually quarantined?

 


Still happening again this morning, on a different machine: same thing, Heidelberg software once again.

 

  • Category: Malware
  • Group name: OP
  • Public endpoint IP:
  • Endpoint name: 
  • OS platform: Windows
  • OS release name: Microsoft Windows 10 Home
  • Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Heidelberg Eye Explorer
  • Policy name: 
  • Report time: October 10th 2022, 14:26:05 UTC
  • Scan time: October 10th 2022, 14:01:01 UTC
  • Action taken: Quarantined
  • Threat name: Malware.Sandbox.1
  • Type: reg_key
  • Category: Malware
  • Group name: OP
  • Public endpoint IP:
  • Endpoint name: 
  • OS platform: Windows
  • OS release name: Microsoft Windows 10 Home
  • Location: C:\PROGRAMDATA\{9F5B1D86-96A8-483E-948D-07A8B60BA16A}\SPECTRALIS.EXE
  • Policy name: 
  • Report time: October 10th 2022, 14:26:05 UTC
  • Scan time: October 10th 2022, 14:01:01 UTC
  • Action taken: Quarantined
  • Threat name: Malware.Sandbox.1
  • Type: file
  • Category: Malware
  • Group name: 
  • Public endpoint IP:
  • Endpoint name: 
  • OS platform: Windows
  • OS release name: Microsoft Windows 10 Home
  • Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Heidelberg SPECTRALIS Software
  • Policy name: Retina Consultants
  • Report time: October 10th 2022, 14:26:05 UTC
  • Scan time: October 10th 2022, 14:01:01 UTC
  • Action taken: 
  • Threat name: Malware.Sandbox.1
  • Type: reg_key
  • Category: Malware
  • Group name: OP
  • Public endpoint IP: 
  • Endpoint name:
  • OS platform: Windows
  • OS release name: Microsoft Windows 10 Home
  • Location: C:\PROGRAMDATA\{68C74785-CBE5-4ED8-A4BC-24DAADFC09B7}\SETUP.EXE
  • Policy name: 
  • Report time: October 10th 2022, 14:26:05 UTC
  • Scan time: October 10th 2022, 14:01:01 UTC
  • Action taken: Quarantined
  • Threat name: Malware.Sandbox.1
  • Type: file
  • Category: Malware
  • Group name:
  • Public endpoint IP:
  • Endpoint name: 
  • OS platform: Windows
  • OS release name: Microsoft Windows 10 Home
  • Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{CA920751-9922-42DB-AD51-F199D40F2F0A}
  • Policy name: Retina Consultants
  • Report time: October 10th 2022, 14:26:05 UTC
  • Scan time: October 10th 2022, 14:01:01 UTC
  • Action taken: Quarantined
  • Threat name: Malware.Sandbox.1
  • Type: reg_key
  • Category: Malware
  • Group name: 
  • Public endpoint IP:
  • Endpoint name:
  • OS platform: Windows
  • OS release name: Microsoft Windows 10 Home
  • Location: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{999594F7-3B8F-45A7-9DCA-7C3EF1287CB0}
  • Policy name: 
  • Report time: October 10th 2022, 14:26:05 UTC
  • Scan time: October 10th 2022, 14:01:01 UTC
  • Action taken: Quarantined
  • Threat name: Malware.Sandbox.1
  • Type: reg_key

Same files as before and as in the previously linked posts. Adding the files again,

and logs.

Trying to make an exclusion for these is problematic because the ProgramData folder name may not always be the same, depending on the install.

Running these files against Emsisoft always comes up clean, and they are the original files from Heidelberg; this I have verified.

 

 

Spectralis.zip

Setup.zip

112810017_MalwarebytesDiagnostics(7).zip

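The verification the post above describes (confirming that the flagged binaries are the vendor's unmodified originals, and collecting what a false-positive report or allow-list entry needs) can be scripted so it does not depend on the per-install GUID folder name. The following PowerShell is an added example, not code from the original thread, from Heidelberg Engineering or from Malwarebytes. Its assumptions are taken from the detections listed in the thread: the installer payloads sit in C:\ProgramData\{GUID}\, the Uninstall entries live under both the WOW6432Node and native registry views, and a product is recognised by a "Heidelberg" name filter or by one of the flagged key GUIDs.

```powershell
# Added example (not from the thread, Heidelberg or Malwarebytes): gather evidence for a
# false-positive report on the locations Nebula flagged above.
# Assumptions: payloads live in C:\ProgramData\{GUID}\ (the GUID differs per install, so
# it is matched by pattern rather than hard-coded), and the product's Uninstall entries
# carry "Heidelberg" in DisplayName/Publisher or use one of the flagged key GUIDs.
param(
    [string]   $ProgramData = $env:ProgramData,
    [string]   $NameFilter  = '*Heidelberg*',
    [string[]] $FlaggedKeys = @(
        '{999594F7-3B8F-45A7-9DCA-7C3EF1287CB0}',   # Uninstall key from the Oct 7 and Oct 10 detections
        '{CA920751-9922-42DB-AD51-F199D40F2F0A}'    # Uninstall key from the Oct 10 detection
    ),
    [string]   $OutDir = (Join-Path $env:TEMP 'heidelberg-fp')
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# 1. Executables in {GUID}-named ProgramData folders: hash each one and check its
#    Authenticode signature. "Valid" with the vendor as signer is the strongest evidence
#    that the quarantined file is the original; NotSigned or HashMismatch means the file
#    needs comparing against vendor media before anyone writes an exclusion for it.
$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
$files = Get-ChildItem -Path $ProgramData -Directory -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $guidPattern } |
    ForEach-Object { Get-ChildItem -Path $_.FullName -Filter *.exe -File -Recurse -ErrorAction SilentlyContinue } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path       = $_.FullName
            SizeBytes  = $_.Length
            SHA256     = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            SigStatus  = $sig.Status
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint } else { '' }
            LastWrite  = $_.LastWriteTimeUtc
        }
    }

# 2. Uninstall entries in both registry views (the detections were under WOW6432Node,
#    the 32-bit view on 64-bit Windows). Match by product/publisher name or by the exact
#    key GUIDs that were flagged, since GUID-named keys carry no product name in the path.
$roots = @(
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)
$keys = foreach ($root in $roots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $p   = Get-ItemProperty -Path $_.PSPath
        $hit = ($p.DisplayName -like $NameFilter) -or ($p.Publisher -like $NameFilter) -or
               ($FlaggedKeys -contains $_.PSChildName)
        if ($hit) {
            [pscustomobject]@{
                Key             = $_.Name
                DisplayName     = $p.DisplayName
                Publisher       = $p.Publisher
                DisplayVersion  = $p.DisplayVersion
                InstallLocation = $p.InstallLocation
                UninstallString = $p.UninstallString
            }
        }
    }
}

# 3. Show the results and write them out for attaching to the report.
$files | Format-Table Path, SigStatus, Signer, SHA256 -AutoSize
$keys  | Format-Table Key, DisplayName, Publisher, DisplayVersion -AutoSize
$files | Export-Csv -Path (Join-Path $OutDir 'files.csv') -NoTypeInformation
$keys  | Export-Csv -Path (Join-Path $OutDir 'uninstall-keys.csv') -NoTypeInformation

# Anything without a valid signature should not be excluded on the strength of a path alone.
$suspect = $files | Where-Object { $_.SigStatus -ne 'Valid' }
if ($suspect) {
    Write-Warning 'Files without a valid Authenticode signature; verify against vendor media before excluding:'
    $suspect | Format-Table Path, SigStatus -AutoSize
}
```

Run it from an elevated PowerShell on the affected workstation before the files are quarantined, or after restoring them from quarantine; once a file has been quarantined it is no longer on disk to hash. The SHA-256 values and signer identity are stable across installs, whereas the {GUID} folder name is not, so they are the better thing to put in a false-positive report, or in an allow-list if the product supports one.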

OK, thank you. The versions may vary, as you noticed, based on the types of features installed for the hardware (OCT or FA functions, workstation with camera or without, etc.).

When would the next database update appear? Just so I know not to bug you if more machines get flagged... :)

 
