Sophos has finished investigating detection's of Mal/Generic-S reported by a small number of customers during a Windows update. Customers may see the following alert:
File "C:\Windows\winsxs\Temp\PendingRenames\3975a596a21dd4018d1900007047c43d.wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_4ab46d1fe69c9ba2_dnsapi.dll_c81f5791" belongs to virus/spyware 'Mal/Generic-S'.
This has been determined to be a temporary file which is created during the update and not the final dnsapi.dll file.
The Windows update involved was: KB4338818. There is no known impact caused by this issue and Windows Update reports the computer is up to date afterwards.
This issue is known to affect Windows 7 Service Pack 1 and Windows Server 2008 R2 Service Pack 1 only.
The issue was resolved Last July 17 2018 (11:15 UTC). Any new detection's will be the result of cached data and can be ignored.
If you are still experiencing detection's for this issue and are concerned please contact Sophos Support.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.