Endpoint Protection

  • 1.  False Positive?

    Posted Aug 16, 2017 12:08 PM

    Recently Symantec flagged the following exe and hkey:

    C:\WINDOWS\SYSTEM32\SMSS.EXE

    'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\TechExtensions\CidsMan\

    Anybody seen this before? False positive?



  • 2.  RE: False Positive?

    Posted Aug 16, 2017 12:15 PM

    Not yet, but it looks to be the case.

    You should get the hash and upload to VirusTotal.

    If it appears to be, I'd get support on the phone.

    Are you sure it wasn't related to tamper protection?



  • 3.  RE: False Positive?

    Trusted Advisor
    Posted Aug 21, 2017 12:11 PM

    This seems to be a False Positive.

    However, I would suggest you upload the same to Symantec and to VirusTotal.



  • 4.  RE: False Positive?

    Posted Aug 22, 2017 03:45 AM

    Hi RG,

    Recently Symantec flagged the following exe and hkey

    Was this with SEP?  Or SymDiag's Threat Analysis Scan?  Can you provide more details?