
JoeSandbox.com False Positive on WRSA.exe

TylerM
Administrator
  • Sr. Security Analyst & Community Manager
  • 1274 replies

We were alerted that JoeSandbox.com was marking the current version of WRSA.exe as potentially malicious, noting PoisonIvy. We have confirmed with the team at JoeSandbox that this is a false positive detection and they have now made changes to reflect the correct state of WRSA.exe. 

We will update this post with information from JoeSandbox if it becomes available.  


2 replies

  • New Voice
  • 36 replies
  • July 25, 2021

I’m really glad to hear that this was a false positive, but can Webroot please confirm that WRSA does not have ‘Remote Access’ capabilities that can potentially be exploited by threat actors?


TylerM
Administrator
  • Author
  • Sr. Security Analyst & Community Manager
  • 1274 replies
  • July 26, 2021
remote-it wrote:

I’m really glad to hear that this was a false positive, but can Webroot please confirm that WRSA does not have ‘Remote Access’ capabilities that can potentially be exploited by threat actors?

 

The PoisonIvy ‘Remote Access Trojan’ was a confirmed False Positive detection for our executable and we have no further update from JSB on their erroneous detection. 

The other "warnings" Joe Sandbox alerts are all things that are totally normal for security suite

