To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

DeepGuard blocking files

Tercel
Tercel Posts: 8 Security Scout
edited June 20 in Elements Endpoint Protection (EPP)

We ran to this problem on a Win10Pro machine (running PSB Computer Protection 18.5) after the Autodesk Revit was installed. Everytime the machine starts up and user logs in, we get an alert message, which contains these lines: 

" Exploit:W32/AppLockerBypass.A!DeepGuard    Blocked    File  c:\windows\system32\regsvr32.exe  8eee4e2235f38644a213a1fcf0d3decf2b95d1e0"
and
"Exploit:W32/PowerShellStager.C!DeepGuard    Blocked    File  c:\windows\syswow64\windowspowershell\v1.0\powershell.exe  5f0692820151ac639fb8bd399bf087954d5bc46b"

 

On the computer screen it says "Potentially harmuful file detected. DeepGuard has closed an application that opened a potentially harmful web page or document." 

 

The strange thing is, that if we go to 'App and file control' window and open the 'Blocked' tab, it is empty. When running a manual scan or full computer scan, nothing is found. Any ideas what is causing this and what could be done to get rid of this? 

Comments

  • Tercel
    Tercel Posts: 8 Security Scout

    I have sent a private message to you. Thanks.

  • Tercel
    Tercel Posts: 8 Security Scout

    Hi again, 

     

    I'm closing this case by now. I got great service from F-Secure Customer Care and after few steps, I received instructions that worked. Thank you! 

  • filippopizzini
    filippopizzini Posts: 1 Security Scout

    I have the same problem if you could reply me in private message

  • Chotel
    Chotel Posts: 1 Security Scout

    Goodmorning the same problem to me, exception w.32/PowerShallStager.C/DeepGuard, sometimes Powershell runs itself...than Deepguard closes the windows...

    thank you in advance for your kind answer

     

  • Tercel
    Tercel Posts: 8 Security Scout

    Hi Chotel,

     

    I've had all kinds of cases after this special DeepGuard issue, and I've always received great service from F-Secure support team. Maybe you could create a support ticket, and I'm sure you'll get the instructions and help from them. You can request support here:

    https://www.f-secure.com/en/web/business_global/support/support-request

     

    I hope this helps you to move forward with your DeepGuard problem.

This discussion has been closed.

Categories