This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Virus/spyware 'Troj/Badsrc-M

I am getting the following alerts for a few machines:

Virus/spyware 'Troj/Badsrc-M' has been detected in "\\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy6\pagefile.sys". Cleanup failed.

 

I believe this to be a false positive, but am not sure, and further, if it is a false positive I don't know how to make it go away. Any help is greatly appreciated.



This thread was automatically locked due to age.
Parents
  • Hello Kris Mortensen,

    you might occasionally encounter this and a few other (false positive) detections with shadow copies of the pagefile or "database" (e.g. *.edb) files. These can safely be ignored acknowledged. From the console select the affected endpoints, right-click, Resolve alerts and errors ... → select and Acknowledge. Or from the local GUI's Quarantine manager select and Clear from list.

    Christian

Reply
  • Hello Kris Mortensen,

    you might occasionally encounter this and a few other (false positive) detections with shadow copies of the pagefile or "database" (e.g. *.edb) files. These can safely be ignored acknowledged. From the console select the affected endpoints, right-click, Resolve alerts and errors ... → select and Acknowledge. Or from the local GUI's Quarantine manager select and Clear from list.

    Christian

Children