I'm getting dllhost.exe as a false-positive.

ITSM

Hi,

Recently DataGuard is alerting "DataGuard detected an untrusted application that modified monitored files. Application: C:\Windows\System32\dllhost.exe", dllhost.exe is a windows genuine application which should not be detected as untrusted. Is there a way to or how can I make dllhost.exe trusted so I don't get these alerts from all hosts in the Policy Manager without turning off DataGuard protection. My Policy Manager is version 15.30.96312 and the hosts sending the alerts are Client Security Premium 15.21, 15.10.

JamesC

Hi,

You may have a broken connection to our backend.

Can you run our Connectivity Checker tool to determine what addresses are needed to be open in your firewall: https://download.sp.f-secure.com/connectivitytool/ConnectionChecker.exe

JamesC

Hi,

This can happen when the dllhost is trying to access files located in folders protected by Dataguard.

You may refer to this article: https://help.f-secure.com/product.html#business/psb-portal/latest/en/task_C898D0A4E51346DD8E99236D891D701F-psb-portal-latest-en, and add dllhost into the trusted applications list.

ITSM

Hi,

The link you referred is not active and I am trying to add the dllhost.exe in the trusted app list with the full folder path as per this article: https://help.f-secure.com/product.html#business/policy-manager/15.30/en/task_415132B65BD9491CA2FB611B7F0FBB5C-15.30-en but it is staying red, even though the path is correct.