Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Duncan
New Contributor III

False positive AV alert for calc.exe

Is anyone else getting an AV alert for calc.exe? Apparently infected by W64/Agent.ERTD!tr

It put me on high alert seeming our EMS server report this on a handful of our computers. But I then verified the file hash of calc.exe which remains stock (A103A57D50B32469C5811E2808F021ADF9D9220093B540B8A9C83B5C821D370E).

Has anyone else had this issue?

3 REPLIES 3
Yogesh
New Contributor

Hi,

 

Please submit the file to online scanner in fortiguard services:

https://fortiguard.com/faq/onlinescanner

 

As per your description, there are chances that the Windows file has got infected or replicated (as like a trusted file) by a Worm, which is why the detection seems to be W64. This can be a backdoor trojan as well.

 

You may try any of the stand-alone malware mitigation tools and see if it also detects that file as a threat.

Regards,

Yogesh 

Duncan
New Contributor III

Thanks Yogesh. I submitted to the Fortiguard site which came back clean.

Yogesh
New Contributor

Please submit it as false positive to Fortinet as directed here:

https://forum.fortinet.com/FindPost/88948

 

For time being, you may add it to exclusion list:

https://help.fortinet.com/fclient/olh/5-6-2/FortiClient-5.6-Admin/900_Antivirus/0615_Manage%20exclus...

 

Regards,

Yogesh

Top Kudoed Authors