This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Detections: MS Store App with Defense Evasion Asynchronous Procedure Call

Hi, maybe somebody can help me to identify what's going on. I have one workstation with a official MS store app "Your Phone". Sophos detect a RISK 7 level on this command: "C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22012.160.0_x64__8wekyb3d8bbwe\YourPhone.exe" -ServerName:App.AppX9yct9q388jvt4h7y0gn06smzkxcsnt8m.mca

MITRE attack: Defense Evasion Asynchronous Procedure Call

Is this a false positive alert or how should I handle this?



This thread was automatically locked due to age.
Parents Reply Children
  • Hi Patrik,

    I have checked the case ID which has been created upon submitting through our sample submission portal and I can see that the attached file has been stripped off. You might need to resubmit the sample file Zip the file before attaching it as a sample. Once re-submitted our lab's team will analyze the sample and get back to you.
    Based on the available information that we got from this forum this has been flagged by our product as there might be a malicious code being injected into this application. 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids