cancel
Showing results for 
Search instead for 
Did you mean: 

What is infectionalert.type.7

Aspirant

What is infectionalert.type.7

I've had a couple of notifications this morning of Type infectionalert.type.7. These appear to have been blocked but reference different executables. One has blocked chrome.exe an another was a system file called PickerHost.exe. I can't find any reference to this type of infection. What is infectionalert.type.7?

 

 

12 REPLIES 12
F-Secure

Re: What is infectionalert.type.7

Hello,

 

Where did you see that? On portal or on client?

Can you post a screenshot so we can understand it better?

Aspirant

Re: What is infectionalert.type.7

Here you go.

F-Secure infectionalert.type.7.PNG

Highlighted
F-Secure

Re: What is infectionalert.type.7

Thank you for reporting it. We will fix it shortly - it's missing localization for detected ransomware threats

Aspirant

Re: What is infectionalert.type.7

Not sure what that means but okay.

Scholar

Re: What is infectionalert.type.7

I got one also abit differrent

 

F-Secure Protection Service for Business has identified the following security incidents:

Time|Account|Host|Infection|Action|Type|Infected Object|Infected Object SHA1

Wed, 28 November 2018 09:23:48 UTC|Company XX|HOSTNAMEXX||Blocked|infectionalert.type.7|C:\Windows\System32\PickerHost.exe|

 

           

28.11.2018
11.23.48
URHEILUHALLIT\userxx reports.infections.types.ransomwareAccessControlEstettyC:\Windows\System32\PickerHost.exe
F-Secure

Re: What is infectionalert.type.7

This means that PickerHost.exe tried to change a file in one of protected folders (open it for writing). It's used for file selection as far as I can see.

It may not be a problem if users use PickerHost.exe to browse to the files and we block it's write access but file selection UI may still work by opening files without write access.

If this happens often - you can add PickerHost.exe to the list of allowed programs in ransomware protection

Aspirant

Re: What is infectionalert.type.7

Well, I guess the question is, is there an infection or not? If not, why are you blocking a valid system file? It's not just this one -- I've had similar issues with other system files. If I simply allow them am I opening myself up to an infection? 

Aspirant

Re: What is infectionalert.type.7

Here's another one today. Am I supposed to just allow all of these executables?  If these are not infections, they are a constant nuisance and obfuscate those potentially real infections. How am I supposed to discern?:

 

F-Secure Protection Service for Business has identified the following security incidents: Time|Account|Host|Infection|Action|Type|Infected Object|Infected Object SHA1 Wed, 28 November 2018 16:44:29 UTC|Berge Ford-internal|FLT-9||Blocked|infectionalert.type.7|C:\Windows\SysWOW64\dllhost.exe| Wed, 28 November 2018 16:44:39 UTC|Berge Ford-internal|FLT-9||Blocked|infectionalert.type.7|C:\Windows\SysWOW64\dllhost.exe|

F-Secure

Re: What is infectionalert.type.7

It's how ransomware protection and access control works. They block access to protected folders for all apps except allowed ones. We have whitelisted some safe system files and they can write to protected folders too but we cannot whitelist files like dllhost.exe - they are legit system files but they can be used to host malicious dll, for instance, which would encrypt all your files.