Endpoint Protection

View Only

Back to discussions

SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

1. SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

3 Recommend
ThomasHiggins
Posted Jul 19, 2018 07:23 AM

Reply Reply Privately
Hi All,

Wondering who else is getting the following file being marked as Trojan.Gen.NPE.2?

C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain_31bf3856ad364e35_10.0.15063.447_none_7c88931f3a3f40fd\LockApp.exe

This is only started today, and it's being reported across our entire Windows 10 estate, I am wondering if it is a false positive?

Cheers.
2. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

0 Recommend
ThomasHiggins
Posted Jul 19, 2018 07:31 AM

Reply Reply Privately
We are also experiencing the file "C:\Windows\WinSxS\amd64_microsoft-windows-sechealthui.appxmain_31bf3856ad364e35_10.0.15063.0_none_c404762d16ccc3b7\SecHealthUI.exe" being marked as Trojan.Gen.NPE.2 also.
3. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

0 Recommend
ℬrίαη
Posted Jul 19, 2018 11:48 AM

Reply Reply Privately
It's Norton Power Eraser which is more aggressive. If running from SEPM it should not be removed but more of an alert.
4. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2
Best Answer

0 Recommend
ThomasHiggins
Posted Jul 19, 2018 11:57 AM

Reply Reply Privately
Hi All, I have been informed by Symantec that yes, it is a false positive, and they will be releasing updated definitions so that this goes away.
5. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

0 Recommend
arh0770
Posted Jul 19, 2018 01:42 PM

Reply Reply Privately
So how do we get the files back? This is a real inconvience for a Symantec mistake.
6. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

0 Recommend
VessN
Posted Jul 20, 2018 09:45 AM

Reply Reply Privately
Got the same issue yesterday, opened a case with Symantec. Today I saw this thread and manually updatd my virus definitions and it looks like the fie is no longer flagged as infected.

Endpoint Protection

SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

ThomasHigginsJul 19, 2018 07:23 AM

ThomasHigginsJul 19, 2018 07:31 AM

ℬrίαηJul 19, 2018 11:48 AM

ThomasHigginsJul 19, 2018 11:57 AMBest Answer

arh0770Jul 19, 2018 01:42 PM

VessNJul 20, 2018 09:45 AM

1. SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

2. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

3. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

4. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2 Best Answer

5. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

6. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2

4. RE: SEP reporting C:\Windows\WinSxS\amd64_microsoft-windows-lockapp.appxmain\LockApp.exe as Trojan.Gen.NPE.2
Best Answer