Kaspersky
Question

Anti-Cryptor Protection identify a HEUR:Trojan.Multi.Crypmod.gen in my File Server run KES11

  • 14 September 2021
  • 1 reply
  • 212 views

All days Anti-Cryptor Protection identify a HEUR:Trojan.Multi.Crypmod.gen in my File Server run KES11 but i run scan in desktop from users and did not find a any virus or malware.

Please responde if a false positive because is problem is damage a reputation of Kaspersky and reclamation of executive people and maybe change to a other antivirus solution.

thanks.


1 reply

Badge

Hi, 

I got exactly the same in my file server today

Endpoint Kes 11.2 

 

Event "Malicious object detected" happened on computer XXXXX in the domain XXX_XXO on 16 September 2021 16:02:04 (GMT+00:00)
Result:     Detected: HEUR:Trojan.Multi.Crypmod.gen
User:     XXXXXXXXXX
Object:     System
Reason:     Behavior analysis
Database release date:     16/09/2021 10:40:00
Remote session:     0x6f0c6af92
Remote host:     - (XXXXXXXX3)

 

The interesting the user account which at that time was working remotely do not have access to the folder which the detection has happened

********************************************************************************

Event type:     Object not processed
Application:     System
Application\Name:     System
Application\Path:     System
User:     NT AUTHORITY\SYSTEM (System user)
Component:     File Threat Protection
Result\Description:     Untreated
Object:     Y:\UserFiles\XXXXXXX\D7BC910F.tmp
Object\Type:     File
Object\Path:     Y:\UserFiles\XXXXXXX\D7BC910F.tmp
Object\Name:     D7BC910F.tmp
Reason:     Size
 

 

Any ideas??

 


 

Reply