This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ransomware Activity Detected - Path: C:\Windows\System32\SkyDrive.exe

Have a Win 8.1 PC with Intercept X and twice in the last 2 months it has flagged the event - 

What happened: We detected ransomware trying to encrypt files.

Path: C:\Windows\System32\SkyDrive.exe

What was detected: CryptoGuard

 

However, this is the Sync engine for the users Personal OneDrive installed on this machine. Does this suggest that the file (which is not in the standard install path) is compromised or does it report on a file contained WITHIN the OneDrive folder that is compromised ?

Is it just a false/positive ?



This thread was automatically locked due to age.