To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

F-secure notification about trojan file

DiAmi
DiAmi Posts: 31 Junior Protector
edited June 2024 in Elements Endpoint Protection (EPP)

Hello,

We have been getting F-Secure deletion notification for ReaderDCManifest3.msi from the Adobe ARM folder. Anyone had same issue? Can anyone tell me if this is a legitimate file? 


F-Secure Protection Service for Business has identified the following security incidents:

Time|Account|Host|Infection|Action|Type|Infected Object|Infected Object SHA1

Wed, 28 April 2021 15:51:36 UTC| |%pcname%|Trojan:W32/Generic.0f8f5eb190!Online|Deleted|File|C:\Users\%user%\AppData\Local\Adobe\ARM\Reader_21.001.20150\ReaderDCManifest3.msi|

Best regards,

Dmitri

Best Answer

  • JamesC
    JamesC Staff, Moderator Posts: 559 W/ Moderator
    edited April 2021 Solved

    Hi Essicon

    It was a false positive and it's been fixed. If it still reports malicious, you can reboot the computer or clear its ORSP Cache.

    You may refer here on how to clear the cache.

Answers

  • JamesC
    JamesC Staff, Moderator Posts: 559 W/ Moderator

    Hi Dmitri,

    Are you able to submit a sample to our detection team, using this link - https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample

  • DiAmi
    DiAmi Posts: 31 Junior Protector

    Sure!


    Done!


    Br,


    Dmitri

  • Essicon
    Essicon Posts: 1 Security Scout

    Hi,

    We have also 2 cases of the same issue:

    ke, 28 huhtikuuta 2021 17:00:01 UTC |Trojan:W32/Generic.0f8f5eb190!Online|Poistettu|Tiedosto|C:\Users\...\AppData\Local\Adobe\ARM\Reader_21.001.20150\ReaderDCManifest3.msi|

     

    ke, 28 huhtikuuta 2021 18:43:02 |Trojan:W32/Generic.0f8f5eb190!Online|Poistettu|Tiedosto|C:\Users\...\AppData\Local\Adobe\ARM\Reader_21.001.20150\ReaderDCManifest3.msi|


    Regards,

    Essicon

This discussion has been closed.

Categories