We received a high alert on one of our workstations. The user was transferring files from their phone via Bluetooth.
CryptoGuard detected ransomware in C:\Windows\System32\fsquirt.exe
We ran a scan and it came up clean. There's nothing in the events or detections history related to this alert. I'm confused. False positive? We cut the machine off as soon as the alert popped up. I ran scans with some other tools. Everything came out clean and fsquirt.exe is the original file.
This thread was automatically locked due to age.