Product defect: Critical oversight in file signing via catalog

  • 29 June 2016
  • 0 replies
  • 1101 views

Userlevel 7
Badge +6
Webroot antivirus does not understand catalog-signed files in Windows. For this reason it is detecting and monitoring multiple legitimate files in the latest Windows Insider build 14376. This caused multiple problems for me until I manually overrode the detection and monitoring.
 
I will be opening a business change-request for this, but I wanted to raise the issue here as well.
 
Wed 2016-06-29 10:04:58.0644 Infection detected: c:windowssystem32clipboardserver.dll [MD5: 6B3D026F760BE48681C46FEA4CD438CD] [3/00090000] [Pua.Adware.Crossrider]
Wed 2016-06-29 10:04:58.0644 File blocked in realtime: c:windowssystem32clipboardserver.dll [MD5: 6B3D026F760BE48681C46FEA4CD438CD, Size: 202240 bytes] [589824/00000003] [Pua.Adware.Crossrider]
 
[u] c:windowssystem32smss.exe [MD5: 29C8B4398BA087F5EC605F15F5810E94] [Flags: 00011000.21885]
[u] c:windowssystem32dwm.exe [MD5: 0533A4A6217F2B22C6168336097B9CE6] [Flags: 00010000.21887]
[u] c:windowssystem32winlogon.exe [MD5: AEEAD45BC94B7B88BD998A3635006E99] [Flags: 00010400.21775]
[u] c:program files
icoh device software managerservice
orchcdk.exe [MD5: 72DD27028810B7D69664D508271B635F] [Flags: 00191110.4928]
[u] c:windowssystem32wbemwmiprvse.exe [MD5: A097411308BF3AC5C228000875E046CC] [Flags: 00010000.21812]
[u] c:windowssystem32searchindexer.exe [MD5: D3B32426303381674AB43BCEB3DD632A] [Flags: 00010000.21828]
[u] c:windowssystem32vmms.exe [MD5: DF00A8E54C14BA83AE837A5DD902C286] [Flags: 00090000.21836]
[u] c:windowssystem32vmcompute.exe [MD5: 9A25329C12611701EFF166C8155CC6B6] [Flags: 00090000.21846]
[u] c:windowssystem32vmwp.exe [MD5: FDD1A460A08FDE3BDA0967204FA2CF5F] [Flags: 00091000.21851]
[u] c:windowssyswow64cmd.exe [MD5: DFE7CB637FE7E4BCE22C56087F5053F4] [Flags: 00000000.21813]
[u] c:windowssysnativedrivers unnel.sys [MD5: D9F69ED0DD2EA7FBA7EF8896A14EFA8F] [Flags: 00010000.21814]
[u] c:windowssysnativedwm.exe [MD5: 0533A4A6217F2B22C6168336097B9CE6] [Flags: 00010000.21887]
[u] c:windowssysnativesearchindexer.exe [MD5: D3B32426303381674AB43BCEB3DD632A] [Flags: 00010000.21828]
[u] c:windowssysnativesmss.exe [MD5: 29C8B4398BA087F5EC605F15F5810E94] [Flags: 00011000.21885]
[u] c:windowssysnativevmcompute.exe [MD5: 9A25329C12611701EFF166C8155CC6B6] [Flags: 00090000.21846]
[u] c:windowssysnativevmms.exe [MD5: DF00A8E54C14BA83AE837A5DD902C286] [Flags: 00090000.21836]
[u] c:windowssysnativevmwp.exe [MD5: FDD1A460A08FDE3BDA0967204FA2CF5F] [Flags: 00091000.21851]
[u] c:windowssysnativewinlogon.exe [MD5: AEEAD45BC94B7B88BD998A3635006E99] [Flags: 00010400.21775]

0 replies

Be the first to reply!

Reply