Jump to content

cmd.exe showing as suspicious file


Recommended Posts

Hi,

I am seeing the attached message on several of my servers recently, while Virus scans report nothing, is this something I need to do anything about? Or is it just ESET being cautious?

Has anyone else had this?

Windows Server 2008 R2 Standard

ESET File Security 4.5.12005.0

Windows Updates and Virus Definitions are all up to date.

Thanks

Scott

Screenshot 2019-06-25 at 16.32.33.png

Link to comment
Share on other sites

  • Administrators

Ignore this. The file was indeed suspicious for some reason but it was not detected. Actually you're using a very old version of EFSW 4.5 which already reached its end of life in 2016 according to https://support.eset.com/kb3592/#efsw.

While module updates are still provided, EFSW 4.5 cannot protect you from new borne malware effectively enough. Moreover, it was made long before Windows Server 2008 R2 was available so it doesn't natively support it and you may run into issue.

I strongly recommend uninstalling EFSW 4.5 and installing EFSW v7 from scratch.

Link to comment
Share on other sites

Is there a way to disable these files from alerting on our client devices? 

c:\Windows\system32\windowspowershell\v1.0\powershell.exe

Link to comment
Share on other sites

  • Administrators
8 minutes ago, Wealthy said:

Is there a way to disable these files from alerting on our client devices? 

c:\Windows\system32\windowspowershell\v1.0\powershell.exe

Please make sure that you are using the latest version of ESET's security product. In new versions you set up specifically what types of files can be submitted and you're not asked for confirmation before submission.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...