FortiClient finds Malicious_Behavior.SB when Lenovo Vantage is running
We have many Lenovo notebooks with Intel and AMD CPUs. Since Friday last week we have been getting more and more "Virus found" messages from our FortiClient. Here are the details:

We are using EMS 7.0.4
We are using FortiClient 7.0.3 and 7.0.5 (identical results)
All clients Windows 10 22H2, Lenovo Vantage installed

What happens:

The virus is found in the directory %PROGRAMDATA%\Lenovo\Vantage\...\
On Intel, the malicious file found is named dp687checkversion_10.exe, on AMD it is dp687checkversion_amd.exe
The file cannot be quarantined and is running as a subprocess to conhost.exe in Windows\System32
Once Vantage is uninstalled, the virus is gone

It might not be a virus, just a false positive from FortiClient, but
a) I cannot just ignore it
b) End Users get a red window with this message on their desktops
c) It MIGHT BE a virus (maybe even spread by Lenovo?)
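
A triage check for the situation described in the post, as an added example that is not part of the original post: it collects the Authenticode signature, SHA-256 hash and parent process for each flagged file so the detection can be assessed on evidence. The directory and file names are taken from the post; the wildcard pattern and the report layout are assumptions.

```powershell
# Added example: triage the flagged Lenovo Vantage binaries named in the post.
# Root path and file names come from the post; the wildcard is an assumption
# that covers both dp687checkversion_10.exe and dp687checkversion_amd.exe.
$root    = Join-Path $env:ProgramData 'Lenovo\Vantage'
$pattern = 'dp687checkversion_*.exe'

# Index running processes once so each file can be matched to its process tree.
$procs = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $procs) { $byPid[[int]$p.ProcessId] = $p }

$report = Get-ChildItem -Path $root -Recurse -Filter $pattern -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        $sig  = Get-AuthenticodeSignature -FilePath $file.FullName
        $hash = Get-FileHash -Path $file.FullName -Algorithm SHA256

        # Running instances of this exact file and the name of each parent process.
        $parents = $procs |
            Where-Object { $_.ExecutablePath -eq $file.FullName } |
            ForEach-Object {
                $parent = $byPid[[int]$_.ParentProcessId]
                if ($parent) { $parent.Name } else { "exited (PID $($_.ParentProcessId))" }
            }

        [pscustomobject]@{
            Path            = $file.FullName
            SHA256          = $hash.Hash
            SignatureStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            Created         = $file.CreationTimeUtc
            ParentProcesses = ($parents | Sort-Object -Unique) -join ', '
        }
    }

$report | Format-List
```

A status other than Valid, or a signer that is not the expected vendor, is the case to escalate; the path, hash and signer are also the details to include when reporting a suspected false positive.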