False positive AV alert for calc.exe

Author
Duncan
2020/06/10 15:54:14

Is anyone else getting an AV alert for calc.exe? Apparently it is infected by W64/Agent.ERTD!tr.
It put me on high alert, seeing as our EMS server reports this on a handful of our computers. But I then verified the file hash of calc.exe, which remains stock (A103A57D50B32469C5811E2808F021ADF9D9220093B540B8A9C83B5C821D370E).
Has anyone else had this issue?
#1
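The hash check described in the first post, extended with an Authenticode signature check, as an added example that is not part of the original thread. The function name `Test-FlaggedBinary` is hypothetical; the baseline SHA-256 is the one quoted in the post and applies only to that poster's Windows build. Requires PowerShell 5.1 or later.

```powershell
# Added example: triage a flagged system binary before treating the alert as a false positive.
function Test-FlaggedBinary {
    param(
        [string]$Path = "$env:SystemRoot\System32\calc.exe",
        # Baseline quoted in the first post; other Windows builds ship a different calc.exe.
        [string]$KnownGood = 'A103A57D50B32469C5811E2808F021ADF9D9220093B540B8A9C83B5C821D370E'
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    # SHA-256 of the file as it sits on disk right now.
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Authenticode check; in-box Windows binaries are normally catalog-signed.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    $hashOk = $hash -eq $KnownGood      # string -eq is case-insensitive
    $sigOk  = $sig.Status -eq 'Valid'

    if ($hashOk -and $sigOk) {
        $verdict = 'matches baseline, signature valid'
    }
    elseif ($sigOk) {
        $verdict = 'signature valid, hash differs from baseline (different build?)'
    }
    else {
        $verdict = 'investigate: signature not valid'
    }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Path        = $Path
        SHA256      = $hash
        HashMatches = $hashOk
        SigStatus   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        IsOSBinary  = $sig.IsOSBinary
        Verdict     = $verdict
    }
}

# Run on each machine the EMS server reported and compare the results.
Test-FlaggedBinary
```

A matching hash only proves the file equals the baseline you chose, so the signature result is the stronger signal when the baseline came from one of the alerting machines.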


    Yogesh
    Re: False positive AV alert for calc.exe 2020/06/30 02:49:39
    Hi,
     
    Please submit the file to the online scanner in FortiGuard services:
    https://fortiguard.com/faq/onlinescanner
     
    As per your description, there is a chance that the Windows file has been infected or replicated (like a trusted file) by a worm, which is why the detection seems to be W64. This can be a backdoor trojan as well.
     
    You may try any of the stand-alone malware mitigation tools and see if it also detects that file as a threat.
    Regards,
    Yogesh 
    #2
    Duncan
    Re: False positive AV alert for calc.exe 2020/06/30 17:43:38
    Thanks Yogesh. I submitted to the Fortiguard site which came back clean.
    #3
    Yogesh
    Re: False positive AV alert for calc.exe 2020/06/30 21:27:06
    Please submit it as a false positive to Fortinet as directed here:
    https://forum.fortinet.com/FindPost/88948
     
    For the time being, you may add it to the exclusion list:
    https://help.fortinet.com/fclient/olh/5-6-2/FortiClient-5.6-Admin/900_Antivirus/0615_Manage%20exclusion%20lists.htm
     
    Regards,
    Yogesh
    #4