Meaning of registry keys on Scanning report alerts

JachymM Posts: 5 New Member
edited March 2022 in WithSecure Business Suite


I would like to ask about the exact meaning of the registry keys in the Scanning report list. I see for example:

Infections found: 4

Cleaned: 4

C:\Program Files\QGIS 3.6\apps\grass\grass-7.6.0\bin\r.out.png.exe

The registry key names look like standard ones. Does it mean the values were changed by the malware? The listed detection is a false positive. Could the registry alert be an FP as well?

Related to this, does the information "Cleaned: 4" mean that suspicious malware was removed from the executable? How were the standard-use registry keys cleaned? Were they removed or set to default?

Can anybody clarify the meaning, please?



Accepted Answer

JamesC Posts: 458 Moderator

Hi Jachym,

The registry key changes are done by the USS engine in the product when a cleanup is invoked. In this case, the product is trying to clean (instead of delete, as set in the product settings) the exe file and at the same time reverts the 3 registry keys to their default values (similar to how the hosts file is reverted to default when the product is cleaning up an infection).

If you think the file is a false positive, do get them to submit the file to us through Submit A Sample (SAS) to get it fixed.
