Is this a false Positive?

Scholar

On Monday a number of the users in our organisation received an alert that a virus was found and had been removed. The alert came up each time a user loaded the company Intranet page, which is hosted by Office 365 using SharePoint. After a little more investigation we found it was only users that use Internet Explorer, and switching to Chrome did not have the alert at all.

We loaded a clean Windows 10 onto a spare laptop and installed Microsoft Security Essentials and it did not detect the virus. We then installed AVG and it also did not detect any virus.

We called Microsoft Support and they said it was a false positive.

The supposed infection is from JS.Nemucod.2.Gen, which has been around for over a year, and both MSE and AVG confirmed they are able to detect this strain.

We have about 50 users affected by this and it is a massive disruption because it requests most users to restart.

I have logged a ticket with F-Secure support on Monday and still no reply (ref:_00Db0JXpV._500b0mkIS7:ref)

We are using F-Secure Client Security 12 and 12.10 running on Windows 7 and Windows 10.

Any advice will be appreciated.

Ant

1 ACCEPTED SOLUTION

Community Manager

Re: Is this a false Positive?

Hi AntSpeed,

Indeed, that was a false positive detection! A fix for the false positives experienced with JS.Nemucod.2.Gen when accessing Sharepoint/Office365 resources is already available with database version Aquarius 2016-09-19_08.

We apologize for any inconvenience caused.



Superuser

Re: Is this a false Positive?

Hello,

> I have logged a ticket with F-Secure support on Monday and still no reply

In case of a false alert, don't contact tech support, as that would be like calling the mechanic in case of a car accident, instead of the ambulance, a detour, which slows down help delivery.

There is an F-Secure webpage dedicated to file sample submission, where you can select "suspected false alarm":

https://www.f-secure.com/en/web/labs_global/submit-a-sample

Note: don't forget to expand the webform and include your address in the e-mail field, so that the lab can send you a message with the result of their investigation!

Best Regards. Tamas Feher, Hungary.

Novice

Re: Is this a false Positive?

Having the same issue with PSB 12.01 build 283 on a couple of laptops running Win 7 Pro.

Sent a sample file a couple of hours ago, as the sample didn't ring the bells with MBAM, AVG Free, Avira Free and MS Defender.

The issue is somewhat weird, as last Monday we had one problematic laptop, today there are two of them, and at the same time there are about 20 laptops with the same configuration running with no virus notifications when one logs on to the SharePoint with IE.

Best regards,

Tomi