
Jeffry

Members
  • Posts: 8
  • Joined

  • Last visited

Kudos

  1. Upvote
    Jeffry gave kudos to Marcos in Chocolatey / 7zip package detected as PUA after recent update Win32/DealPly.VO   
    You can restore the files from quarantine. It was 7z.sfx which was detected incorrectly as a PUA as a result of refactoring the DealPly PUA detection. The detection was actually temporarily disabled in 23636 but it seems that pico updates have re-enabled it until 23637 was released.
  2. Upvote
    Jeffry gave kudos to Jamil-soc in Create exclusion for code injection rule   
    Hi Jeffry,
     
    Thank you for your message. The best way to exclude this detection would be to create an advanced exclusion.
    Below is an example of an advanced exclusion to exclude code injection triggered by a legitimate process:
    <definition>
        <operations>
            <operation type="CodeInjection">
                <operator type="and">
                    <condition component="CodeInjectionInfo" property="CodeInjectionType" condition="is" value="ApcQueue" />
                    <condition component="FileItem" property="FileName" condition="is" value="ppwatchersvc64.exe" />
                    <condition component="FileItem" property="Path" condition="is" value="%PROGRAMFILES%\path\app\" />
                </operator>
            </operation>
        </operations>
    </definition>
     
    Change the FileName and Path accordingly. As mentioned above, this is an example; you can add or remove some conditions if needed. Then select the rules being triggered and this should exclude the detections.
    I also noted that your location is the Netherlands. If you are looking for Dutch support or have any further questions, please don't hesitate to contact us via https://techcenter.eset.nl/nl/new-ticket
    Best regards,
