Jump to content

Archived

This topic is now archived and is closed to further replies.

SPWebb1985

cmd.exe showing as suspicious file

Recommended Posts

Hi,

I am seeing the attached message on several of my servers recently, while Virus scans report nothing, is this something I need to do anything about? Or is it just ESET being cautious?

Has anyone else had this?

Windows Server 2008 R2 Standard

ESET File Security 4.5.12005.0

Windows Updates and Virus Definitions are all up to date.

Thanks

Scott

Screenshot 2019-06-25 at 16.32.33.png

Share this post


Link to post
Share on other sites

Ignore this. The file was indeed suspicious for some reason but it was not detected. Actually you're using a very old version of EFSW 4.5 which already reached its end of life in 2016 according to https://support.eset.com/kb3592/#efsw.

While module updates are still provided, EFSW 4.5 cannot protect you from new borne malware effectively enough. Moreover, it was made long before Windows Server 2008 R2 was available so it doesn't natively support it and you may run into issue.

I strongly recommend uninstalling EFSW 4.5 and installing EFSW v7 from scratch.

Share this post


Link to post
Share on other sites

Is there a way to disable these files from alerting on our client devices? 

c:\Windows\system32\windowspowershell\v1.0\powershell.exe

Share this post


Link to post
Share on other sites
8 minutes ago, Wealthy said:

Is there a way to disable these files from alerting on our client devices? 

c:\Windows\system32\windowspowershell\v1.0\powershell.exe

Please make sure that you are using the latest version of ESET's security product. In new versions you set up specifically what types of files can be submitted and you're not asked for confirmation before submission.

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...