NewBoundaryTechnologies Posted May 16 ID:1567692
Installed in c:\Program Files (x86)\New Boundary\Client\PTClient.exe. This software is used for remote management, which includes remote installation of software and inventorying of software for licensing. Currently seeing a false positive.
Staff miekiemoes Posted May 16 ID:1567696
Hi, Please zip and attach the PTClient.exe being detected and/or the detection log. Thanks!
NewBoundaryTechnologies Posted May 16 Author ID:1567708

-Log Details-
Scan Date: 5/16/23
Scan Time: 2:14 AM
Log File: 46988ac2-f3b9-11ed-bcba-989096a5b2f8.json

-Software Information-
Version: 4.5.28.266
Components Version: 1.0.2005
Update Package Version: 1.0.69538
License: Premium

-System Information-
OS: Windows 10 (Build 19044.2965)
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Scheduler
Result: Completed
Objects Scanned: 493803
Threats Detected: 6
Threats Quarantined: 0
Time Elapsed: 15 min, 48 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 2
Malware.AI.311903854, C:\PROGRAM FILES (X86)\NEW BOUNDARY\CLIENT\PTCLIENT.EXE, No Action By User, 1000000, 311903854, , , , , 7830C49E3AB23A2E842D0F1E7FCCF854, 23FDB34463A7FF17F265CCF8842E728E2C656F7599D58AB7BF05B1E74FAC033F
Malware.AI.311903854, C:\PROGRAM FILES (X86)\NEW BOUNDARY\CLIENT\PTCLIENT.EXE, No Action By User, 1000000, 311903854, , , , , 7830C49E3AB23A2E842D0F1E7FCCF854, 23FDB34463A7FF17F265CCF8842E728E2C656F7599D58AB7BF05B1E74FAC033F

Module: 2
Malware.AI.311903854, C:\PROGRAM FILES (X86)\NEW BOUNDARY\CLIENT\PTCLIENT.EXE, No Action By User, 1000000, 311903854, , , , , 7830C49E3AB23A2E842D0F1E7FCCF854, 23FDB34463A7FF17F265CCF8842E728E2C656F7599D58AB7BF05B1E74FAC033F
Malware.AI.311903854, C:\PROGRAM FILES (X86)\NEW BOUNDARY\CLIENT\PTCLIENT.EXE, No Action By User, 1000000, 311903854, , , , , 7830C49E3AB23A2E842D0F1E7FCCF854, 23FDB34463A7FF17F265CCF8842E728E2C656F7599D58AB7BF05B1E74FAC033F

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Malware.AI.311903854, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Prism Deploy Client, No Action By User, 1000000, 311903854, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
Malware.AI.311903854, C:\PROGRAM FILES (X86)\NEW BOUNDARY\CLIENT\PTCLIENT.EXE, No Action By User, 1000000, 311903854, 1.0.69538, 002D407FBD7A6F9A1297466E, dds, 02298579, 7830C49E3AB23A2E842D0F1E7FCCF854, 23FDB34463A7FF17F265CCF8842E728E2C656F7599D58AB7BF05B1E74FAC033F

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

(end)
Staff miekiemoes Posted May 17 ID:1567798
Hi, The above sample isn't in our repository, so I can't verify if it's a valid detection or not (although it does look like an FP, I always want to make sure, just in case it's file infected, and we need the sample for our machine learning engine to train on it), so can you please zip and attach the PTClient.exe file? Thanks!