F-Secure blocked Sage Business Desktop
My mum found that she could not get into Sage any more. When she tried to start it, a Windows error message was displayed saying that the sbddesktop.exe file was not accessible.
It had in fact been blocked by F-Secure DeepGuard:
Application was blocked. This was determined to be a high-risk application by system control heuristics.
Application path: \\?\c:\program files\common files\sage sbd\sbddesktop\v12\sbddesktop.exe
File hash: 36950ed19bb96d79bf61bddb3534b1ce1eca76b6
This appears to be the normal hash of sbddesktop.exe. Why was it blocked? I can't find the logs for F-Secure to see if I can gather any more information, but I have run fsdiag and collected the Zip file. Is there anything you can do to prevent this happening again, or to someone else?
There are also errors that may or may not be connected:
An error occurred while scanning \DEVICE\HARDDISKVOLUME3\PROGRAM FILES\COMMON FILES\SAGE SBD\SBDDESKTOP\V12\SAGE.SBD.PLATFORM.IDENTIFIERS.CLI.DLL.
And a similar error relating to a Thunderbird database file. Lastly, there was a single error message in the event log a few days ago from F-Secure saying that a system scan had finished and the system was infected, but no further details were provided in the event log message.
This is F-Secure AV 2014 on Windows 7.