Announcement: New Knowledge Base
4 June 2020: We are pleased to announce the launch of a new Knowledge Base, Changelogs for Business Security Products, where you can find more details, such as bugfixes or new features, about the most recent releases of our business-related products.
DeepGuard blocking files
We ran to this problem on a Win10Pro machine (running PSB Computer Protection 18.5) after the Autodesk Revit was installed. Everytime the machine starts up and user logs in, we get an alert message, which contains these lines:
" Exploit:W32/AppLockerBypass.A!DeepGuard Blocked File c:\windows\system32\regsvr32.exe 8eee4e2235f38644a213a1fcf0d3decf2b95d1e0"
"Exploit:W32/PowerShellStager.C!DeepGuard Blocked File c:\windows\syswow64\windowspowershell\v1.0\powershell.exe 5f0692820151ac639fb8bd399bf087954d5bc46b"
On the computer screen it says "Potentially harmuful file detected. DeepGuard has closed an application that opened a potentially harmful web page or document."
The strange thing is, that if we go to 'App and file control' window and open the 'Blocked' tab, it is empty. When running a manual scan or full computer scan, nothing is found. Any ideas what is causing this and what could be done to get rid of this?