Duncan
New Member
June 10, 2020
Question

False positive AV alert for calc.exe

  • June 10, 2020
  • 1 reply
  • 4559 views

Is anyone else getting an AV alert for calc.exe? Apparently infected by W64/Agent.ERTD!tr

It put me on high alert, seeing as our EMS server reported this on a handful of our computers. But I then verified the file hash of calc.exe, which remains stock (A103A57D50B32469C5811E2808F021ADF9D9220093B540B8A9C83B5C821D370E).

Has anyone else had this issue?

    1 reply

    Yogesh
    New Member
    June 30, 2020

    Hi,

    Please submit the file to the online scanner in FortiGuard services:

    https://fortiguard.com/faq/onlinescanner

    As per your description, there is a chance that the Windows file has been infected or replicated (like a trusted file) by a worm, which is why the detection seems to be W64. This can be a backdoor trojan as well.

    You may try any of the stand-alone malware mitigation tools and see if it also detects that file as a threat.

    Regards,

    Yogesh 

    Duncan
    Author
    New Member
    July 1, 2020

    Thanks Yogesh. I submitted it to the FortiGuard site, which came back clean.

    Yogesh
    New Member
    July 1, 2020

    Please submit it as a false positive to Fortinet as directed here:

    https://forum.fortinet.com/FindPost/88948

    For the time being, you may add it to the exclusion list:

    https://help.fortinet.com/fclient/olh/5-6-2/FortiClient-5.6-Admin/900_Antivirus/0615_Manage%20exclusion%20lists.htm

    Regards,

    Yogesh
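
The check described in the question (comparing calc.exe against a known-good hash), extended with a signature check to run before adding any exclusion. This is an added example, not part of the original posts. It assumes Windows PowerShell 5.1 or later; `Test-SystemBinary` is a hypothetical helper name, and the expected hash is the value quoted in the question, which applies only to that poster's Windows build.

```powershell
# Added example. Take the expected hash from a known-clean machine on the
# same Windows build; the value used below is the one quoted in the question.
function Test-SystemBinary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }

    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash

    # Windows system binaries are normally catalog-signed. Get-AuthenticodeSignature
    # resolves the catalog and reports whether the file is a recognised OS binary.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Path        = $Path
        Sha256      = $hash
        HashMatches = ($hash -eq $ExpectedSha256)  # string -eq is case-insensitive
        SigStatus   = $sig.Status                  # 'Valid' is expected
        SigType     = $sig.SignatureType           # 'Catalog' or 'Authenticode'
        IsOSBinary  = $sig.IsOSBinary
        Signer      = $sig.SignerCertificate.Subject
    }
}

$expected = 'A103A57D50B32469C5811E2808F021ADF9D9220093B540B8A9C83B5C821D370E'
$target   = Join-Path $env:SystemRoot 'System32\calc.exe'

$result = Test-SystemBinary -Path $target -ExpectedSha256 $expected
$result | Format-List

# Treat the alert as a false-positive candidate only if both checks pass.
if (-not $result.HashMatches -or $result.SigStatus -ne 'Valid') {
    Write-Warning "$target differs from the baseline or is not validly signed; do not add an exclusion."
}
```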