Webroot False Positive? Or compromised?

Postby stsbrad » 03.05.2019, 19:39

Hey guys,

So I've used WSUSOFFLINE since forever. This is the first time that my site-wide cloud AV software has reported wsusoffline as malware. It kicked the alert for UPDATEINSTALLER.EXE. I'm sure it's a false positive, and reported it as such, but can someone confirm there hasn't been a compromise? Here are the details.

Filename - UPDATEINSTALLER.EXE
Pathname - \WSUSOFFLINE\CLIENT\
Filesize - 924160
MD5 - 4356423293519404F01C6FBC1C877036
Malware Group - W32.Malware.Gen
First Seen - April 14th 2019, 20:36
Last Seen - May 3rd 2019, 18:07
Vendor - T. Wittrock
Product - WSUS Offline Update Installer
Version - 11.62.1035

Regards,
Brad

Re: Webroot False Positive? Or compromised?

Postby aker » 05.05.2019, 17:54

Could you check the archive's hashes before unpacking?

wsusoffline1162.zip
Size: 6555190
MD5: fd3a221a0cf870bb94bae8963e96a74e
SHA1: 0a7c2ed96751ed556b77b0a757ea051b57a7875c
SHA256: 2d1638f567ba6181148992d92212627147cbb41305bd0083f8fded6f42b5fa4c

If they match, please report a false positive.
Some AV-vendors report all AutoIt3-EXEs as malware/risky/...
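The check aker describes, as an added example (this is not part of WSUS Offline Update and not aker's or Brad's code): hash the downloaded zip in one pass, compare size, MD5, SHA1 and SHA256 against the values posted in the reply, and hash a member straight out of the archive without extracting it, so an on-access scanner cannot quarantine the file before you have a digest. The published hash table is copied from the reply above; the in-memory "archive" and its `UpdateInstaller.exe` member containing the bytes `b"abc"` are constructed stand-ins so the script runs offline. Note what this can and cannot tell you: the thread publishes hashes for the zip only, not for the installer itself, so a match proves you have the archive aker hashed, and the extracted exe can then only be compared against that archive's own member, not against a vendor-published value.

```python
"""Verify a downloaded archive against published hashes, then hash a member
inside it without extracting.  Added example; not WSUS Offline Update code."""
import hashlib
import hmac
import io
import sys
import zipfile

# Values for wsusoffline1162.zip as posted in aker's reply.
PUBLISHED_WSUSOFFLINE_1162 = {
    "size": 6555190,
    "md5": "fd3a221a0cf870bb94bae8963e96a74e",
    "sha1": "0a7c2ed96751ed556b77b0a757ea051b57a7875c",
    "sha256": "2d1638f567ba6181148992d92212627147cbb41305bd0083f8fded6f42b5fa4c",
}

ALGOS = ("md5", "sha1", "sha256")


def hash_stream(fp, chunk_size=1 << 20):
    """One pass over a file-like object; returns (size, {algo: hexdigest})."""
    digests = {name: hashlib.new(name) for name in ALGOS}
    size = 0
    while True:
        block = fp.read(chunk_size)
        if not block:
            break
        size += len(block)
        for d in digests.values():
            d.update(block)
    return size, {name: d.hexdigest() for name, d in digests.items()}


def compare(size, digests, published):
    """Return a list of mismatches; an empty list means every published field matched.

    Every field the publisher listed is checked.  MD5 alone is weak (collisions
    are cheap), but a file matching size, MD5, SHA1 and SHA256 at once is the
    file the author hashed.  Published hex is lower-cased so Brad's upper-case
    MD5 from the AV console would compare correctly too."""
    problems = []
    if "size" in published and size != published["size"]:
        problems.append(f"size: got {size}, expected {published['size']}")
    for name in ALGOS:
        if name in published:
            expected = published[name].lower()
            if not hmac.compare_digest(digests[name], expected):
                problems.append(f"{name}: got {digests[name]}, expected {expected}")
    return problems


def verify_bytes(data, published):
    size, digests = hash_stream(io.BytesIO(data))
    return compare(size, digests, published)


def verify_file(path, published):
    with open(path, "rb") as fp:
        size, digests = hash_stream(fp)
    return compare(size, digests, published)


def hash_zip_member(archive_bytes, member_name):
    """Hash one member directly from the zip: nothing is written to disk, so an
    on-access scanner cannot quarantine the file before you get its digest."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        with zf.open(member_name) as fp:
            return hash_stream(fp)


# Constructed stand-in for the real archive (hypothetical path and content,
# used only so the example runs offline): the member holds the bytes b"abc".
CONSTRUCTED_MEMBER = "wsusoffline/client/UpdateInstaller.exe"
CONSTRUCTED_MEMBER_BYTES = b"abc"


def build_constructed_archive():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(CONSTRUCTED_MEMBER, CONSTRUCTED_MEMBER_BYTES)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python verify_archive.py wsusoffline1162.zip
        problems = verify_file(sys.argv[1], PUBLISHED_WSUSOFFLINE_1162)
        print("OK: archive matches published hashes" if not problems else "\n".join(problems))
    else:
        size, digests = hash_zip_member(build_constructed_archive(), CONSTRUCTED_MEMBER)
        print(size, digests["sha256"])
```

On a Windows box the same check is `Get-FileHash -Algorithm SHA256 .\wsusoffline1162.zip` (and `-Algorithm MD5` / `SHA1`) compared by eye against the reply; the script above just does all three in one read and refuses to call the archive good unless every published field matches.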
