I need a solution
Has there been any known false positives with SEP 14 detecting updateagent.dll as Trojan.Gen.NPE.2? I know there was a known false-positive for sechealthui.exe recently. Basically, my question is has anyone else experienced this recently, and does anyone know if Symantec is aware already, or should I submit a report?
| Risk name: | Trojan.Gen.NPE.2 |
| Risk severity: | 1 |
| Discovered: | 12/20/2016 00:00:00 |
| Download site: | N/A |
| Downloaded or created by: | N/A |
| File or path: | C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.16299.245_none_bacd821279b53501\updateagent.dll |
| Application: | updateagent.dll |
| Version: | |
| File size: | 199729 |
| Category set: | Malware |
| Category type: | Virus |
| SHA-256 Hash: | C940426955135B9690FD7AD0ABBE62E75D2DDC26A2A232BC60FE0DEF81AE2F7D |
| SHA-1 Hash: | C724F3E7A509D8FFA114448F2913C857292B0B1D |
| MD5 Hash: | 74016824F3F7C55082DFB52C7556DF32 |
| Company: | N/A |
| Certificate issuer: | N/A |
| Certificate signer: | N/A |
| Certificate SHA-1 thumbprint: | N/A |
| Certificate serial number: | N/A |
| Signature timestamp: | N/A |
Risk Detection
| Date found: | 07/27/2018 09:14:00 |
| Description: | |
| Actual action: | Cleaned by deletion |
| Specified primary action: | Clean |
| Specified secondary action: | Quarantine |
| Detection source: | Auto-Protect |
| Risk detection method: | Signature-based Detection |
| URL tracking: | Off |
| Source computer: | |
| Event type: | Virus found |
| Database insert date: | 07/27/2018 09:14:35 |
| Event end date: | 07/27/2018 09:14:00 |
| Event client date: | 07/27/2018 09:14:00 |
| Permitted application reason: | Not on the permitted application list |
| Intensive Protection Level: | Level 1 |
Risk Reputation
| First seen: | Symantec has known about this file approximately 2 weeks. |
| Reputation: | There is strong evidence that this file is untrustworthy. |
| Prevalence: | This file has been seen by fewer than 5 Symantec users. |
| Performance impact: | High |
| Overall rating: | High |
| Detection reason: | Antivirus engine |
| Minimum sensitivity level: | N/A |
0