This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

false positive - dasHost.exe identified as ransomware

The md5 hash of this file, 66CFAA5940A06DAF10F5203BC2B1A5AB, is detected on 65+ Windows 8.1 hosts on our network. The Device Association Framework Provider Host is a legitimate part of Windows 8 & does not exhibit any odd behavior when executed inside a sandbox. This is the alert received in the cloud console:

High alert received from Sophos Central: CryptoGuard detected ransomware in C:\Windows\System32\dasHost.exe

I have opened a support case regarding this issue a couple of days ago but have not yet received a satisfactory answer.

-Gary



This thread was automatically locked due to age.