Jump to content

VIPM 2020.3 - Recognise as malicious software by AntiVirus


Recommended Posts

Hi @Mosin

Thanks for letting us know. To my knowledge, you're the first report of this.

I see that Paloalto Cortex uses AI to determine the likelyhood of a threat. So, it could simply be that nobody has trained it on VIPM 2020.3 yet 🙂

That said, I'd like to learn more.

Can you post more details, like a screenshot or copy+paste of the report?

Link to post
Share on other sites

Thank you for getting back. Yes, it could just be a false positive, that I am unlucky to hit.

The details of the reports is:

Application Information:
Source process ID: 17712
Source process name: VI Package Manager.exe
Source application location: C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe
Source process command line: "C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe"
Source application version: 2020.3.0.2532
Source application publisher: JKI
Source application signers: James Kring, Inc.

Prevention Information:
Prevention date: 10. december 2020
Prevention time: 16:48:25
OS version: 10.0.18363.2.0.0.256.1
Component: WildFire
Cortex XDR code: C0400055
Prevention description: Suspicious executable detected
Verdict: 2
Quarantined: True
Post-Detected: False
Hash: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
Additional information 1: C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe
Additional information 2: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
Additional information 3: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
Additional information 4: 2

Which does not really tell me anything.

If I lookup the Hash for the process as given in the report, I find the following report from Virustotal:

https://www.virustotal.com/gui/file/f0f72fe0796c9b8e9378241aee3bce0256e1ae1178c6db5f71dbcfc5e097959e/detection

Which indicate that it is not just Cortex that detects the exe as suspicious.

I do not know how to read the details of the report though, so I can not see how I might be able to resolve this.

Edited by Mosin
Link to post
Share on other sites

Since there does not seem to be any actual security issue it could be just a waiting game.

I think my IT department might be able to submit the executable for reevaluation or as a false positive, I will see if I can get it fixed that way. 

Thanks for the help.

Edited by Mosin
  • Like 1
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.