Hi,
we have many Lenovo notebooks with Intel and AMD CPUs. Since Friday of last week we have been getting more and more "Virus found" messages from our FortiClient. Here are the details:
Environment:
We are using EMS 7.0.4
We are using FortiClient 7.0.3 and 7.0.5 (identical results)
All Clients Windows 10 22H2, Lenovo Vantage installed
What happens:
The Virus is found in the directory %PROGRAMDATA%\Lenovo\Vantage\...\
On Intel, the malicious file found is named dp687checkversion_10.exe, on AMD it is dp687checkversion_amd.exe
The file cannot be quarantined and is running as a subprocess to conhost.exe in Windows\System32
Once Vantage is uninstalled, the virus is gone
It might not be a virus, just a false positive from FortiClient, but
a) I cannot just ignore it
b) End users get a red window with this message on their desktops
c) It MIGHT BE a virus (maybe even spread by Lenovo?)
When you google the AMD file, you will find the virus definition by Joe Sandbox (https://www.joesandbox.com/analysis/1292937/0/html)
What to do? Thankful for any ideas...
Christian
Hello cms8000,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Christian,
We are still looking to get you an answer. Thank you for your understanding.
Kind regards,
This is a false positive and the signature database is being updated to fix this issue. Please validate the behavior once your databases are updated to the next version.
Please make a note of the current version and check once it's updated.
Suraj
Copyright 2023 Fortinet, Inc. All Rights Reserved.