Is this a false Positive?

AntSpeed
AntSpeed W/ Alumni Posts: 1 Security Scout
in WithSecure Business Suite

On monday a number of the user in our organisation received an alert a virus was found and had been removed. The alert came up each time a user loaded the company Intranet page which is hosted by Office 365 using SharePoint. After a little more investigation we found it was only users that use Internet Explorer and switching to Chrome did not have the alert at all. 

 

We loaded a clean Windows 10 onto a spare laptop and installed Microsoft Security Essentials and it did not detect the virus. We then installed AVG and it also did not detect any virus. 

 

We call the Microsoft Support and they said it was a false positive.

 

The supposed infection is from JS.Nemucod.2.Gen which has been around for over a year and both MSE and AVG confirmed they are able to detect this strain.

 

We have about 50 users affected by this and it is a massive disruption because it requests most users to restart 

 

I have logged a ticket with F-Secure support on Monday and still no reply (ref:_00Db0JXpV._500b0mkIS7:ref)

 

We are using F-Secure Client Security 12 and 12.10 running on Windows 7 and Windows 10.

 

Any advice will be appreciated. 

Ant

Comments

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Hello,

     

    > I have logged a ticket with F-Secure support on Monday and still no reply

     

    In case of a false alert, don't contact tech support, as that would be like calling the mechanic in case of a car accident, instead of the ambulance, a detour, which slows down help delivery.

     

    There is an F-Secure webpage dedicated to file sample submission, where you can select "suspected false alarm":

    https://www.f-secure.com/en/web/labs_global/submit-a-sample

     

    Note: don't forget to expand the webform and include your address in the e-mail field, so that the lab can send you a message with the result of their investigation!

     

    Best Regards. Tamas Feher, Hungary.

  • Pupujussi
    Pupujussi W/ Alumni Posts: 1 Security Scout

    Having same issue with PSB 12.01 build 283 couple laptop running Win 7 Pro.

    Sent a sample file couple hours agoas the smaple didn't ring the bells with MBAM, AVG Free, Avira Free and MS Defender.

    Issue is somewhat weird as on last monday we had one problematic laptop, today there's two of them and at same time there's about 20 laptops with same configurations running with no virus notifications when one logs on to the Sharepoint with IE.

     

    Best regards,

    Tomi

     

This discussion has been closed.

Categories