Hey guys,
So I've used WSUSOFFLINE since forever. This is the first time that my site-wide cloud AV software has reported wsusoffline as malware. It kicked the alert for UPDATEINSTALLER.EXE. I'm sure it's a false positive, and reported it as such, but can someone confirm there hasn't been a compromise? Here are the details.
Filename - UPDATEINSTALLER.EXE
Pathname - \WSUSOFFLINE\CLIENT\
Filesize - 924160
MD5 - 4356423293519404F01C6FBC1C877036
Malware Group - W32.Malware.Gen
First Seen - April 14th 2019, 20:36
Last Seen - May 3rd 2019, 18:07
Vendor - T. Wittrock
Product - WSUS Offline Update Installer
Version - 11.62.1035
Regards,
Brad