Detections: MS Store App with Defense Evasion Asynchronous Procedure Call

Hi, maybe somebody can help me identify what's going on. I have one workstation with an official MS Store app, "Your Phone". Sophos detects a RISK 7 level on this command: "C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22012.160.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca

MITRE attack: Defense Evasion Asynchronous Procedure Call

Is this a false positive alert or how should I handle this?



  • Hi, 

    Thank you for reaching out to us. To further validate this alert, can you send this sample through our sample submission portal so that our lab's team can analyze the exe file that has been flagged?

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

  • Thank you for your answer. I sent the sample file yesterday. How long will it take to get an answer? Do you have experience with this?
    Regards Patrik

  • Hi Patrik,

    I have checked the case ID which was created upon submitting through our sample submission portal, and I can see that the attached file has been stripped off. You might need to resubmit the sample file. Zip the file before attaching it as a sample. Once re-submitted, our lab's team will analyze the sample and get back to you.
    Based on the available information that we got from this forum, this has been flagged by our product as there might be malicious code being injected into this application.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer
