KB4577671-x64.cab false positive

[Help Desk San 1]

Is this a false positive reading?

Windows10.0-KB4577671-x64.cab\amd64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_10.0.18362.1139_none_e2c1b7a0af8b9b8a\r\sdbinst.exe, 不明なSTEALTH.CRYPT.TSR.DRIVER

A large number of them are occurring on internal devices.

If you have any information, please let me know.

Thank you for your support.

[Marcos 4,606]

Please submit the file in an archive encrypted with the password "infected" to samples[at]eset.com.

It's a file with the exe extension but in fact it's not an executable. Plus it fulfills several other conditions to get scanned by an old DOS heuristics which evaluated it as suspicious.

[Sharad 0]

Hello, we are also having the same exact issue with the same file.  It is appearing on several computers.

[Marcos 4,606]

The false positive was fixed in the engine update 22149.

[Help Desk San 1]

Hello Sharad

This is resolved in engine version 22149.

In Japan, it has been corrected.

[DaveHarding 0]

We're getting the same alert on many devices since Windows Updates last night.

We're currently running version 5.0.2272

[Marcos 4,606]

4 hours ago, DaveHarding said:

We're getting the same alert on many devices since Windows Updates last night.

We're currently running version 5.0.2272

The detection was fixed about 15 hours before you posted here.

Also please keep in mind that you are running a legacy version v5 which is not supported and it's necessary to upgrade to the latest v7.3 or 6.5 (in case of Windows XP or Vista).