cmd.exe showing as suspicious file

[SPWebb1985 0]

Hi,

I am seeing the attached message on several of my servers recently, while Virus scans report nothing, is this something I need to do anything about? Or is it just ESET being cautious?

Has anyone else had this?

Windows Server 2008 R2 Standard

ESET File Security 4.5.12005.0

Windows Updates and Virus Definitions are all up to date.

Thanks

Scott

[Marcos 5,127]

Ignore this. The file was indeed suspicious for some reason but it was not detected. Actually you're using a very old version of EFSW 4.5 which already reached its end of life in 2016 according to https://support.eset.com/kb3592/#efsw.

While module updates are still provided, EFSW 4.5 cannot protect you from new borne malware effectively enough. Moreover, it was made long before Windows Server 2008 R2 was available so it doesn't natively support it and you may run into issue.

I strongly recommend uninstalling EFSW 4.5 and installing EFSW v7 from scratch.

[SPWebb1985 0]

Thanks for the info Marcos, I will speak to our hosting team.

[Wealthy 0]

Is there a way to disable these files from alerting on our client devices? 

c:\Windows\system32\windowspowershell\v1.0\powershell.exe

[Marcos 5,127]

8 minutes ago, Wealthy said:

Is there a way to disable these files from alerting on our client devices? 

c:\Windows\system32\windowspowershell\v1.0\powershell.exe

Please make sure that you are using the latest version of ESET's security product. In new versions you set up specifically what types of files can be submitted and you're not asked for confirmation before submission.