Have a Win 8.1 PC with Intercept X and twice in the last 2 months it has flagged the event -
What happened: We detected ransomware trying to encrypt files.
Path: C:\Windows\System32\SkyDrive.exe
What was detected: CryptoGuard
However, this is the Sync engine for the users Personal OneDrive installed on this machine. Does this suggest that the file (which is not in the standard install path) is compromised or does it report on a file contained WITHIN the OneDrive folder that is compromised ?
Is it just a false/positive ?
This thread was automatically locked due to age.