SHA1 infection

CreativePC

Hi

 

For the last two weeks my customers have been getting this error without any explanation of where the infected file is:

F-Secure Protection Service for Business has identified the following security incidents:
Time;Account;Host;Infection;Action;Type;Infected Object;Infected Object SHA1

 

What to do?

Comments

  • PetriKuikka

    Hi,

     

    If these alerts have the SHA1 checksum, then these alerts are coming from DeepGuard. But can you explain where they see these? I just tested this with DeepGuard and it also nicely shows the file location in the new PSB portal under Infected object, like:

     

    \\?\c:\users\testuser\downloads\test.exe

    b2d43a95958180b591ba52928d881fec57912506
     

    Also, the configured infection email from the PSB portal has the same file location. It is missing the SHA at the moment, but that will be fixed soon.

     

    Petri

  • PetriKuikka

    Hi,

     

    And there is another case, where the infected object is missing from the infection emails when the system finds an infection during manual scanning or scheduled scanning. These again have explanatory text on the portal side, but it is still missing from the infection emails. These will also be fixed in the next few releases.

     

    Petri

  • CreativePC

    Hi, yes, when servers are doing scheduled/manual scanning the portal gives me this alert:

     

    An infection was found during a manual scan. As manual scan report details are not uploaded to the portal, please check the report on the local computer.

     

    And the email alert gives this alert:

    F-Secure Protection Service for Business has identified the following security incidents:

    Time;Account;Host;Infection;Action;Type;Infected Object;Infected Object SHA1

      2016-09-26 05:29:41UTC  Customername  Servername     Reported    File   

     

    And the customer says that nothing is shown locally on the server, so it's a bit hard to find which file is causing this.

     

  • CreativePC

    Thanks. I will contact the customer again.

This discussion has been closed.