
massive mail alerts : dnsapi.dll

Hello,

Since this morning we have a lot of alerts on PCs:

File "C:\Windows\winsxs\Temp\PendingRenames\75f17bdfbd1dd401621600005c0e040d.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791" belongs to virus/spyware 'Mal/Generic-S'.

 

If we open the status of a PC in the console we have these entries:

Items detected

| Date/time | Type | Name | Sub-type | Details | Reference | Action taken | Username |
|---|---|---|---|---|---|---|---|
| 17/07/2018 09:18:02 | Virus/spyware | Mal/Generic-S | | C:\Windows\winsxs\Temp\PendingRenames\da32d2489e1dd40162160000a001140c.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791 | | Removed from quarantine list | NT AUTHORITY\SYSTEM |
| 17/07/2018 09:17:57 | Virus/spyware | Mal/Generic-S | | C:\Windows\winsxs\Temp\PendingRenames\da32d2489e1dd40162160000a001140c.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791 | | Blocked | NT AUTHORITY\SYSTEM |

If I do a manual scan, nothing detected. Is there a chance of a false positive?

All the best.



  • We are getting the same alert from Sophos here.  It seems like a false positive on that dll, which looks like it is being updated as part of a Windows Update.

  • Can you tell what Windows Updates were pushed out today?

    Also, other than the detection, is there any impact caused by this? Does the Windows Update break, for example?

  • We pushed out this month's batch of Windows Updates, and we only saw it on our Windows 7 installs (all x64).

    Doesn't appear to be affecting the computers as far as I can tell, plus we haven't had any more alerts since the initial batch all between 12:04pm and 12:08pm.  Enterprise Console isn't listing any computers with alerts, so maybe it was just a temporary moment of confusion.
