
false positive - dasHost.exe identified as ransomware

The md5 hash of this file, 66CFAA5940A06DAF10F5203BC2B1A5AB, is detected on 65+ Windows 8.1 hosts on our network. The Device Association Framework Provider Host is a legitimate part of Windows 8 & does not exhibit any odd behavior when executed inside a sandbox. This is the alert received in the cloud console:

High alert received from Sophos Central: CryptoGuard detected ransomware in C:\Windows\System32\dasHost.exe

I opened a support case regarding this issue a couple of days ago but have not yet received a satisfactory answer.

-Gary



  • Hi gdriggs,

    This will be resolved in the next release.

    No ETA of the release date.

    Thanks 

    Aditya Patel

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support

    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • I just got one today on a Windows 10 box. 

  • 2 and a half years later - has that fix come out yet? This issue is still occurring.

  • Hello

    The issue has been resolved since 28th June 2017. If you do encounter the same issue, kindly let us know and we shall check again.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support


  • Aditya Patel said:
    Hello
     

    If you do encounter the same issue, kindly let us know and we shall check again.

    Seriously? What part of "This issue is still occurring." did you have trouble with?

    Yes. Same problem. Twice within one week. System administrators kick the computers from the network whenever Sophos reports anything.

  • Hello,

    It does seem this issue would need to be investigated, could you please raise a Support Case with Sophos Support?

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
