Posts posted by Mosin
Thank you for getting back to me. Yes, it could just be a false positive that I am unlucky enough to hit.
The details of the report are:
Application Information:
Source process ID: 17712
Source process name: VI Package Manager.exe
Source application location: C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe
Source process command line: "C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe"
Source application version: 2020.3.0.2532
Source application publisher: JKI
Source application signers: James Kring, Inc.

Prevention Information:
Prevention date: 10. december 2020
Prevention time: 16:48:25
OS version: 10.0.18363.2.0.0.256.1
Component: WildFire
Cortex XDR code: C0400055
Prevention description: Suspicious executable detected
Verdict: 2
Quarantined: True
Post-Detected: False
Hash: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
Additional information 1: C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe
Additional information 2: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
Additional information 3: F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E
Additional information 4: 2
Which does not really tell me anything.
If I look up the hash for the process as given in the report, I find the following report from VirusTotal:
Which indicates that it is not just Cortex that detects the exe as suspicious.
I do not know how to read the details of the report though, so I cannot see how I might be able to resolve this.
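
A local check that complements the hash lookup described in the post above, added here as an example and not part of the original post: it confirms that the installed file is the one the alert refers to and that its Authenticode signature is intact and names the signer shown in the report. The path, hash and signer are copied from the report; the variable names are this example's own, and it assumes it is run in PowerShell on the affected Windows machine.

```powershell
# Values copied from the Cortex XDR report quoted in the post.
$Path           = 'C:\Program Files (x86)\JKI\VI Package Manager\VI Package Manager.exe'
$ReportedHash   = 'F0F72FE0796C9B8E9378241AEE3BCE0256E1AE1178C6DB5F71DBCFC5E097959E'
$ExpectedSigner = 'James Kring, Inc.'   # "Source application signers" in the report

if (-not (Test-Path -LiteralPath $Path)) {
    # The report says "Quarantined: True", so the file may no longer be at this path.
    Write-Warning "File not found at '$Path' (it may be quarantined). Point `$Path at a restored copy."
}
else {
    # SHA-256 of the file on disk, to compare with the hash in the alert.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Authenticode signature: Status is 'Valid' only if the file is unmodified
    # since signing and the certificate chain is trusted on this machine.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Simple name (CN) of the signing certificate, or $null if the file is unsigned.
    $signer = if ($sig.SignerCertificate) {
        $sig.SignerCertificate.GetNameInfo('SimpleName', $false)
    } else {
        $null
    }

    [pscustomobject]@{
        Sha256            = $hash
        HashMatchesReport = ($hash -eq $ReportedHash)
        SignatureStatus   = $sig.Status
        Signer            = $signer
        SignerAsReported  = ($signer -eq $ExpectedSigner)
        Timestamped       = [bool]$sig.TimeStamperCertificate
    } | Format-List
}
```

A matching hash together with a `Valid` status and the expected signer is the kind of evidence to attach when the executable is submitted to the vendor for re-evaluation.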
-
Hi
After updating to VIPM 2020.3 on Windows, my anti-exploit software (Palo Alto Cortex) stops it from starting, flagging a WildFire component as suspicious.
Are there any issues with the latest package?
VIPM 2020.3 - Recognised as malicious software by AntiVirus
in VI Package Manager (VIPM)
Posted · Edited by Mosin
Since there does not seem to be any actual security issue, it could be just a waiting game.
I think my IT department might be able to submit the executable for reevaluation or as a false positive; I will see if I can get it fixed that way.
Thanks for the help.