JoeSandbox.com False Positive on WRSA.exe

  • 14 July 2021
  • 2 replies
  • 289 views
JoeSandbox.com False Positive on WRSA.exe
Userlevel 7
Badge +22
  • Sr. Security Analyst & Community Manager
  • 626 replies

We were alerted that JoeSandbox.com was marking the current version of WRSA.exe as potentially malicious, noting PoisonIvy. We have confirmed with the team at JoeSandbox that this is a false positive detection and they have now made changes to reflect the correct state of WRSA.exe. 

We will update this post with information from JoeSandbox if it becomes available.  


2 replies

Userlevel 4
Badge +8

I’m really glad to hear that this was a false positive, but can Webroot please confirm that WRSA does not have ‘Remote Access’ capabilities that can potentially be exploited by threat actors?

Userlevel 7
Badge +22

I’m really glad to hear that this was a false positive, but can Webroot please confirm that WRSA does not have ‘Remote Access’ capabilities that can potentially be exploited by threat actors?

 

The PoisonIvy ‘Remote Access Trojan’ was a confirmed False Positive detection for our executable and we have no further update from JSB on their erroneous detection. 

The other "warnings" Joe Sandbox alerts are all things that are totally normal for security suite

Reply