Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 6 replies
  • Subscribers 14 subscribers
  • Views 15692 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

chromedriver ransomeware alert

Jayesh Thakkar

Hello, 

One of our machines is generating this alerts when user is trying to run automations on the chromedriver. It says ransomeware detected. CryptoGuard trying to encrypt files. Can someone please assist or have experienced the same. Let me know what to do and how to resolve it. 



This thread was automatically locked due to age.
Parents
  • +1

    Hi Jayesh,

    Thanks for reaching out to the Sophos Community Forum. 

    I suggest checking the detection details in Event ID 911 in the Windows Application Event log. You can also find the same information in Sophos Central by clicking the "Details" button on the detection event. 

    If the observed operations match what the automation is programmed to do exactly, then the app/automation may be working as intended, and an exclusion can be considered. 

    If you can provide the event details here, I can try to advise further. A similar topic was raised in the thread I linked below, the details shared may provide more insight into why/how these detections are generated. 
    - False positive for javaw.exe

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0 in reply to Qoosh

    Thank you for the quick response. Please see the details below as required. 

    Detection ID: 2b5938aa6d63a60c085f3011d7995bc9937b967a80ff9607335d907cc223bf2c

Reply Children
Unfiltered HTML