I tried to submit this via a support ticket but it doesn't allow me to enter my password.
I uploaded one of the files, spriter.exe, to virustotal.com and it is only hitting on Webroot, so I'm thinking false positives. Here is the scan info from my log:
Mon 2017-04-24 16:03:51.0632 Performing cleanup entry: 8
Mon 2017-04-24 16:03:51.0927 End passive write scan (6 file(s))
Mon 2017-04-24 16:03:54.0036 Scan Started: [ID: 406 - Flags: 1575/128]
Mon 2017-04-24 16:04:35.0520 Infection detected: c:program filescanonprint studio procnpspapp.exe [MD5: CD90CC76609BEDB3C96D02A222840308] [3/00091411] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:35.0520 Infection detected: e:steamlibrarysteamappscommoncommand modern air naval operationscommand.exe [MD5: 899C8F65A68D4338D6A0DA097A3EDDB1] [3/10081001] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:40.0929 Infection detected: c:usersandroappdata
oaminggamemaker-studioyycwindowsuapexex86winuaprunner.exe [MD5: 20FBBF64F5E1DF867E0005AF031D6B19] [3/00080011] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:50.0058 Infection detected: e:steamlibrarysteamappscommonattlezone 98 reduxattlezone98redux.exe [MD5: 0441A9C1B53AFB8FB5FF69F1AA03D9FD] [3/08080001] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:56.0982 Infection detected: e:steamlibrarysteamappscommonspriterspriter.exe [MD5: 57B5433954076D20426A229E1BDC8D22] [3/00000001] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:56.0982 Infection detected: e:steamlibrarysteamappscommoncommand modern air naval operationsgamemenu_cmanoautorun.exe [MD5: 5CEAC3EC1728E0C2926E3AD58A41D97C] [3/10081001] [W32.Trojan.Gen]
Mon 2017-04-24 16:04:59.0890 Infection detected: c:usersandroappdata
oaminggamemaker-studioyycwindowsuapexex64winuaprunner.exe [MD5: 9A0178B18C9DCE6589C8E6D1AC680207] [3/00090011] [W32.Trojan.Gen]
Mon 2017-04-24 16:05:00.0437 Scan Results: Files Scanned: 17929, Duration: 1m 6s, Malicious Files: 7
Mon 2017-04-24 16:05:00.0594 Scan Finished: [ID: 406 - Seq: 191448274]
I am getting False Positives as well...Maybe
Here are my False Positives:
Our Team is aware of the rule causing False Positives and is actively working now to resolve it. Please stay tuned for updates.
How long should the restore have taken? I hope this gets fixed VERY quickly before it flags any more of my servers as malicious.
What is everyone's recommendation about removing server files? Do you have it set to automatically resolve or just send the alert so that you can determine what to do with the file?
I'm not sure what all it screwed up but one of the exes was needed to raise admin privileges. It finally had multiple scans going at once and just locked my PC for 20 minutes. That's when I just gave up, powered on, and disabled it. I have this deployed on hundreds of clients and servers at my company so I hope this doesn't wipe us out today.
It appears some update today has screwed things up badly.
Windows 10 64bit Faster insider ring.
It is also hitting our management tools so this has the potential to become a huge labor issue.
Do you have any recommended policy settings that we can set up as a new policy to temporarily put a halt to them?
Thank you for your patience and sticking with us while we troubleshoot this issue.
More to come as soon as we have it.
I am sure that the Support & Development Teams are working flat out and will have the issue sorted very shortly...as they usually do.
Please at least provide what we should be setting the policy to in order to avoid the issue...