To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

DeepGuard blocks windows defender (msmpeng.exe)

Options
vlit
vlit W/ Alumni Posts: 3 Security Scout

Hello,

 

we currently have Client Security 13.11 build 110 installed on various Win10 machines.

Nearly daily we get 1 - 5 Notifications about DeepGuard Security alerts regarding blocked msmpeng.exe.

account: SYSTEM
Product: F-Secure DeepGuard (OID: 1.3.6.1.4.1.2213.53)
Severity: security alert (5)
Message: Action by malware was blocked.
 
Malware path: c:\programdata\microsoft\windows defender\platform\4.18.1807.18075-0\msmpeng.exe
File hash: 82e7ffb4e780bf16f3c42d52e2c6b0a4ef48732c

f-securedeepguard.png

 

I have tried to exclude the filehash a few times on the PM, without success, also hash changes a lot, so thats not really a solution.

Any advice?

Comments

  • vlit
    vlit W/ Alumni Posts: 3 Security Scout
    Options

    Hello Vad,

     

    i had already added "msmpeng.exe" alone in this section, but as it states it needs full paths -> didn't work that way.

    i will try it with the full paths of reported msmpeng.exe now (fortunately there are only 2 different paths at the moment where msmpeng.exe lives). Will report if any notifications get send again. Thank you for now!

    excluded apps now:

    msmpeng.exe
    *msmpeng.exe
    c:\programdata\microsoft\windows defender\platform\4.18.1807.18075-0\msmpeng.exe
    c:\programdata\microsoft\windows defender\platform\4.12.17007.18022-0\msmpeng.exe

  • vlit
    vlit W/ Alumni Posts: 3 Security Scout
    Options
    Hello, i can confirm that i didn't got any more notifications about defender from 13.11 Clients. Thank you!
This discussion has been closed.