Recently symantec flagged the following exe and hkey
C:\WINDOWS\SYSTEM32\SMSS.EXE
'HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\TechExtensions\CidsMan\
Anybody seen this before? false positive?
Not yet, but, looks to be the case.
you should get the hash and upload to virustotal.
If it appears to be, I'd get support on the phone.
Are you sure it wasn't related to tamper protection?
This seems to be a False Positive.
However, I would suggest you to upload the same to Symantec and on VirusTotal.
Hi RG,
Was this with SEP? Or SymDiag's Threat Analysis Scan? Can you provide more details?