Sophos is currently investigating detections of Mal/Generic-S reported by a small number of customers during a Windows update. Customers may see the following alert:
File "C:\Windows\winsxs\Temp\PendingRenames\3975a596a21dd4018d1900007047c43d.wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_4ab46d1fe69c9ba2_dnsapi.dll_c81f5791" belongs to virus/spyware 'Mal/Generic-S'.
This has been determined to be a temporary file which is created during the update and not the final dnsapi.dll file.
The Windows update involved was: KB4338818. There is no known impact caused by this issue and Windows Update reports the computer is up to date afterwards.
This issue is known to affect Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 only.
The issue was resolved earlier today (11:15 UTC). Any new detections will be the result of cached data and can be ignored.
If you are still experiencing detections for this issue and are concerned please contact Sophos Support.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.