
Weekly Full On-Demand Scan Generated over 1200 emails

I have seen a number of posts about 'Mal/Generic-S', and in the posts it is considered a false positive.

But last night with our weekly full on-demand scan, I received over 1200 emails all referring to 'Mal/Generic-S'.

There are multiple emails for the same PC.

Also, there are no alerts in the SEC for any of the 'Mal/Generic-S'.

Some of the emails say removed at the bottom, but most don't.

Based on the example, could it be that a GPO was applied that confused Sophos?

Last week's full on-demand scan generated no email alerts.

Example:

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-11792\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-1136\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableSecureUIAPaths" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-1971\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NofolderOptions" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-6743\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-1971\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-14907\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-14361\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-1971\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-8881\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-6743\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-1971\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-18815\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-18744\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-18351\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-18257\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-17839\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-17757\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-17287\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-1726\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-17165\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-17161\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.

Registry value "HKU\S-1-5-21-837616038-1341147964-1845911597-14907\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun" belongs to virus/spyware 'Mal/Generic-S'.
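
As an added example (not part of the original post and not Sophos code), the Python below collapses alert lines in the format quoted above into one row per registry value, counting alerts and distinct user SIDs and marking values under the CurrentVersion\Policies subtree, one of the locations Group Policy writes to, so the rows can be compared with the GPOs applied that week. The sample lines and their SIDs are constructed; `summarize` and `report` are hypothetical names.

```python
import re
from collections import defaultdict

# Alert line format as quoted in the post.
ALERT_RE = re.compile(r'Registry value "([^"]+)" belongs to virus/spyware \'([^\']+)\'')
# Per-user hives under HKU are keyed by the account SID.
SID_RE = re.compile(r'^HKU\\(S-1-5-21-[\d-]+)\\(.+)$', re.IGNORECASE)
# Subtree that Group Policy settings are written to (the assumption being checked).
POLICY_MARKER = "\\software\\microsoft\\windows\\currentversion\\policies\\"

# Constructed sample alerts; the SIDs are made up.
SAMPLE = r'''
Registry value "HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun" belongs to virus/spyware 'Mal/Generic-S'.
Registry value "HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun" belongs to virus/spyware 'Mal/Generic-S'.
Registry value "HKU\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun" belongs to virus/spyware 'Mal/Generic-S'.
Registry value "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA" belongs to virus/spyware 'Mal/Generic-S'.
Registry value "HKU\S-1-5-21-1111111111-2222222222-3333333333-1002\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools" belongs to virus/spyware 'Mal/Generic-S'.
'''.strip().splitlines()

def summarize(lines):
    """Map (threat, key, value name) -> alert count and set of user SIDs."""
    summary = defaultdict(lambda: {"alerts": 0, "sids": set()})
    for line in lines:
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line
        path, threat = m.groups()
        u = SID_RE.match(path)
        if u:  # replace the SID so all users share one row
            path = "HKU\\<SID>\\" + u.group(2)
        # Registry names are case-insensitive, so group on lower case.
        key, _, value = path.lower().rpartition("\\")
        entry = summary[(threat, key, value)]
        entry["alerts"] += 1
        if u:
            entry["sids"].add(u.group(1))
    return summary

def report(summary):
    """Rows of (value path, alerts, distinct users, under Policies?), busiest first."""
    rows = [(f"{k}\\{v}", e["alerts"], len(e["sids"]), POLICY_MARKER in k + "\\")
            for (_, k, v), e in summary.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for row in report(summarize(SAMPLE)):
        print(row)
```

Rows where every flagged value sits under the Policies subtree and the user count is high are the ones to compare against recently changed GPO settings before treating each email as a separate detection.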

 


