Is anyone else getting an AV alert for calc.exe? Apparently infected by W64/Agent.ERTD!tr
It put me on high alert seeming our EMS server report this on a handful of our computers. But I then verified the file hash of calc.exe which remains stock (A103A57D50B32469C5811E2808F021ADF9D9220093B540B8A9C83B5C821D370E).
Has anyone else had this issue?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Please submit the file to online scanner in fortiguard services:
https://fortiguard.com/faq/onlinescanner
As per your description, there are chances that the Windows file has got infected or replicated (as like a trusted file) by a Worm, which is why the detection seems to be W64. This can be a backdoor trojan as well.
You may try any of the stand-alone malware mitigation tools and see if it also detects that file as a threat.
Regards,
Yogesh
Thanks Yogesh. I submitted to the Fortiguard site which came back clean.
Please submit it as false positive to Fortinet as directed here:
https://forum.fortinet.com/FindPost/88948
For time being, you may add it to exclusion list:
Regards,
Yogesh
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1731 | |
1099 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.