If you are investigating a detection because you believe it might be incorrect, you are most likely doing this because the files being detected are part of a legitimate application, or because you experienced an issue with your device after a detection.

It is important to treat every detection as malicious and not authorize anything in your environment unless you are confident it is safe to do so.

For Potentially Unwanted Application (PUA) detections these are not malicious but might not be what you want running on a corporate network. PUA detections may have names such as:

As PUAs are not malicious it is up to you if you want these applications in your environment. For more details, take a look at

For malicious detections that you may wish to investigate further, some example detection names are:

The table below displays a list of malicious and clean indicators. It is important to use these purely as an indicator and not confirmation of a file being malicious or clean. Even if a file exhibits all of the clean indicators it could still be malicious and likewise a clean file may show many suspicious indicators.

| Malicious indicator | Clean indicator |
| --- | --- |
| Detection of an unknown file, possibly with a random name, for example: | Detection of known files that belong to a legitimate application*. |
| An executable file in a temp/user data location e.g.: | Executable files that have a name relevant to the location or application they have been detected in. `C:\Program Files (x86)\Acme Software\Installer\Acme Setup.exe` |
| Detection of a file that was created at the time of the detection or shortly before. | Detection of a file which has been on the device for a longer period of time i.e. |
| Other recent detections on the same device. | During the installation of new software to your environment (including new antivirus software). |
| If the file is detected by other antivirus vendors (instructions on how to check this below). | If no other antivirus vendors are detecting it (instructions on how to check this below). |

\* Note: legitimate applications are routinely abused by malicious attackers who for example use exploits or inject code into these applications in order to make them take malicious actions.
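The location, file-age and same-device indicators listed above can be collected for each detection before deciding whether to authorize anything. The following Python is an added example, not part of the original page or any vendor tooling; the record fields, time thresholds, folder markers and sample detections are assumptions constructed for illustration, and the result is a list of indicators, not a verdict.

```python
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Assumed thresholds and folder markers; the page does not define them.
NEW_FILE_WINDOW = timedelta(hours=1)
RECENT_WINDOW = timedelta(hours=24)
USER_DATA_MARKERS = {"temp", "appdata", "downloads"}

def indicators(det, all_detections):
    """Return (malicious, clean) indicator lists for one detection record."""
    path = PureWindowsPath(det["path"])
    folders = [p.lower() for p in path.parts[1:-1]]
    malicious, clean = [], []

    if path.suffix.lower() == ".exe" and USER_DATA_MARKERS & set(folders):
        malicious.append("executable in temp/user data location")
    # Name relevant to its location: a word of the file name appears in a parent folder.
    folder_words = {w for f in folders for w in f.split()}
    if folder_words & set(path.stem.lower().split()):
        clean.append("name relevant to location")

    age = det["detected_at"] - det["created_at"]
    if age <= NEW_FILE_WINDOW:
        malicious.append("created at or shortly before detection")
    else:
        clean.append("on device for a longer period")

    others = [d for d in all_detections if d is not det
              and d["device"] == det["device"]
              and abs(d["detected_at"] - det["detected_at"]) <= RECENT_WINDOW]
    if others:
        malicious.append("other recent detections on same device")
    return malicious, clean

# Constructed sample detections (not real telemetry).
T = datetime(2024, 5, 1, 12, 0)
SAMPLE = [
    {"device": "PC-01", "path": r"C:\Users\bob\AppData\Local\Temp\qzxv81.exe",
     "created_at": T - timedelta(minutes=2), "detected_at": T},
    {"device": "PC-01", "path": r"C:\Users\bob\Downloads\helper.exe",
     "created_at": T + timedelta(minutes=55), "detected_at": T + timedelta(hours=1)},
    {"device": "PC-02", "path": r"C:\Program Files (x86)\Acme Software\Installer\Acme Setup.exe",
     "created_at": T - timedelta(days=400), "detected_at": T},
]

if __name__ == "__main__":
    for det in SAMPLE:
        bad, good = indicators(det, SAMPLE)
        print(det["path"], "| malicious:", bad, "| clean:", good)
```
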