This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

False Positive? CryptoGuard detected ransomware in WINWORD.EXE

We just received an alert for one of our machines: CryptoGuard detected ransomware in C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

However, we can find no evidence of ransomware and believe this is a false positive. Has anyone else had issues with WINWORD.EXE? 

This thread was automatically locked due to age.
Parents Reply Children
  • Mitigation CryptoGuard

    Platform 6.1.7601/x64 v593 06_3f
    PID 6484
    Application C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    Description Microsoft Word 14

    Filename C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE


    Process Trace
    1 C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE [6484]
    "C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE" /n "\\domain.local\Shares\folder\filename.docx"
    2 C:\Windows\explorer.exe [6736]
    3 C:\Windows\System32\userinit.exe [9012]
    4 C:\Windows\System32\winlogon.exe [6180]
    5 C:\Windows\System32\smss.exe [6360]
    \SystemRoot\System32\smss.exe 00000000 00000048
    6 C:\Windows\System32\smss.exe [356]
    7 [4]
