Michael_wp, Posted July 8:
Hello, today on our computers ESET detected Win64/GenKryptik.GNVE in a file/application which had already been in use for some weeks (ovpnconnecter.exe - part of OpenVPN). Is it a false positive? Here is the hash: 48937C35DA724A6806A180AF241910E4889A0FB5
Marcos (Administrators), Posted July 8:
Please provide logs collected with ESET Log Collector. This detection was removed in 2023.
Marcos (Administrators), Posted July 8:
Attachments uploaded here are accessible only by the ESET staff. I would say they don't contain any confidential data anyways. Alternatively, you can upload the archive to OneDrive, Google Drive, Dropbox, etc. and drop me a private message with a download link.
Marcos (Administrators), Posted July 8:
Where did you see the detection? The Detections log is empty and there are no on-demand scan logs either.
Michael_wp (Author), Posted July 8:
Here is the log once again, with non-standard settings.
ees_logs__08_07_2.zip
Marcos (Administrators), Posted July 8:
The logs seem to be the same as before; the time is also the same.
collector_log.txt
[13:37:47.335] WARNING: Not running under administrator account.
Nevertheless, I see the file in quarantine, which should be enough for analysis. Will keep you posted.
itman, Posted July 8:
Verify that your OpenVPN software is up to date. Of note, refer to the OVPNX vulnerability referenced here: https://openvpn.net/security-advisories/
Marcos (Administrators, Solution), Posted July 8:
It was a false positive, the detection was removed an hour ago and a new update is being built as we speak.