DeepGuard blocking files

We ran into this problem on a Win10Pro machine (running PSB Computer Protection 18.5) after Autodesk Revit was installed. Every time the machine starts up and the user logs in, we get an alert message, which contains these lines:

" Exploit:W32/AppLockerBypass.A!DeepGuard    Blocked    File  c:\windows\system32\regsvr32.exe  8eee4e2235f38644a213a1fcf0d3decf2b95d1e0"
and
"Exploit:W32/PowerShellStager.C!DeepGuard    Blocked    File  c:\windows\syswow64\windowspowershell\v1.0\powershell.exe  5f0692820151ac639fb8bd399bf087954d5bc46b"

 

On the computer screen it says "Potentially harmful file detected. DeepGuard has closed an application that opened a potentially harmful web page or document."

 

The strange thing is that if we go to the 'App and file control' window and open the 'Blocked' tab, it is empty. When running a manual scan or a full computer scan, nothing is found. Any ideas what is causing this and what could be done to get rid of it?

Best Answer

  • fedool Posts: 146 F-Secure Employee
    Accepted Answer

    It seems like you have a resident virus which we cannot detect by scanning, but DeepGuard detects it when it gets executed and blocks it.

    Can you run our support tool to gather logs and send them in a private message to me?

    filippopizzini

Comments

  • Tercel Posts: 8

    I have sent a private message to you. Thanks.

  • Tercel Posts: 8

    Hi again, 

     

    I'm closing this case now. I got great service from F-Secure Customer Care and after a few steps, I received instructions that worked. Thank you!

    Laksh
  • I have the same problem, if you could reply to me in a private message.

  • Good morning, I have the same problem, exception w.32/PowerShellStager.C/DeepGuard; sometimes PowerShell runs by itself... then DeepGuard closes the windows...

    Thank you in advance for your kind answer.

     

  • Hi Chotel,

     

    I've had all kinds of cases after this special DeepGuard issue, and I've always received great service from the F-Secure support team. Maybe you could create a support ticket, and I'm sure you'll get the instructions and help from them. You can request support here:

    https://www.f-secure.com/en/web/business_global/support/support-request

     

    I hope this helps you to move forward with your DeepGuard problem.

    Lakshfedool
This discussion has been closed.