To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Meaning of registry keys on Scanning report alerts

JachymM W/ Alumni Posts: 5 Security Scout
edited March 2022 in Business Suite


I would like to ask about the exact meaning the registry keys in Scanning report list. I see for example:


Infections found: 4

Cleaned: 4


C:\Program Files\QGIS 3.6\apps\grass\grass-7.6.0\bin\r.out.png.exe





The registry keys names look like standardly used. Does it mean the values were changed by the malware? The listed detection is False positive. Could be even the registry alert FP?

Related to this, does the information "Cleaned: 4" mean: Suspicious malware was removed from the executable? How was cleaned the standardly use registry key? Were they removed or set to default?

Can anybody clarify the meaning, please?



Best Answer

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 524 Moderator

    Hi Jachym,

    The registry key changes is done by the USS engine in the product when a cleanup is invoked. In this case, the product is trying to clean (instead of delete as action in product setting) the exe file and at the same time reverts back the 3 registry keys to its default value (similar to how host file is being reverted to default when product is cleaning up infection).

    If you think the file is a false positive, do get them to submit the file to us through Submit A Sample (SAS) to get it fixed.


  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 524 Moderator

    Hi Jachym,

    I am checking this and will get back to you.

This discussion has been closed.