Issue:
The Elements Endpoint Protection portal's Security Events page shows the infection name Trojan:W32/GenInflated.B for:
- C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\DeliveryOptimization\Cache\6b9a4d43-a587-4b92-882f-398e6d291cb5\content.bin\[50] PowerAutomateDesktop-11.2401.31.0-x64.msix\[1] AdaptiveCards.dll
Alert type: on_demand_scanner.file_infection.nothing
Example SHA-1 values:
- 2dcf073e1c252d0b6106aa9e98ff7ee335fb29ac
- afc450c794c05185440a39076e7d766d25b31b7b
- c9612dd52736928d64c0c6c4a52f80f394752fea
- 52f4251fac3d15ce318a5ee7f963cbdece1c5c0e
Is this a false positive or not?
Resolution:
The Trojan:W32/GenInflated.B detection for AdaptiveCards.dll occurs because the AdaptiveCards.dll file is over 800 MB in size. We have released F-Secure Hydra Engine (64-bit) 2024-02-26_01, which should fix the issue. If you still see this detection on one or more devices, make sure the latest Hydra Engine version is installed on the device. You can check the version by right-clicking the Elements Agent icon in the taskbar and then selecting Check for updates.
If you do not want to receive further security alerts about this detection, you can exclude the SHA-1 from the Elements profile:
- Log in to the Elements Security Center: https://elements.withsecure.com
- Open the Security configurations section from the menu on the left
- Go to the Profiles page
- Select the profile that is in use on your devices
- Note that only custom profiles can be edited. You can create a custom profile either by clicking "Create a profile" or by cloning an existing profile.
- Go to the General settings page in the profile
- Click Add exclusion in the Exclude folders and files from all security scans section
- Enter the SHA-1 value from the detection (detections can be viewed on the Events > Security Events page)
- If you want to add multiple SHA-1 values, create separate exclusions for them by clicking Add exclusion again
- Click Save and publish
Article no: 000043918