I've had a couple of notifications this morning of Type infectionalert.type.7. These appear to have been blocked but reference different executables. One has blocked chrome.exe an another was a system file called PickerHost.exe. I can't find any reference to this type of infection. What is infectionalert.type.7?
I got one also abit differrent
F-Secure Protection Service for Business has identified the following security incidents:
Time|Account|Host|Infection|Action|Type|Infected Object|Infected Object SHA1
Wed, 28 November 2018 09:23:48 UTC|Company XX|HOSTNAMEXX||Blocked|infectionalert.type.7|C:\Windows\System32\PickerHost.exe|
This means that PickerHost.exe tried to change a file in one of protected folders (open it for writing). It's used for file selection as far as I can see.
It may not be a problem if users use PickerHost.exe to browse to the files and we block it's write access but file selection UI may still work by opening files without write access.
If this happens often - you can add PickerHost.exe to the list of allowed programs in ransomware protection
Well, I guess the question is, is there an infection or not? If not, why are you blocking a valid system file? It's not just this one -- I've had similar issues with other system files. If I simply allow them am I opening myself up to an infection?
Here's another one today. Am I supposed to just allow all of these executables? If these are not infections, they are a constant nuisance and obfuscate those potentially real infections. How am I supposed to discern?:
F-Secure Protection Service for Business has identified the following security incidents: Time|Account|Host|Infection|Action|Type|Infected Object|Infected Object SHA1 Wed, 28 November 2018 16:44:29 UTC|Berge Ford-internal|FLT-9||Blocked|infectionalert.type.7|C:\Windows\SysWOW64\dllhost.exe| Wed, 28 November 2018 16:44:39 UTC|Berge Ford-internal|FLT-9||Blocked|infectionalert.type.7|C:\Windows\SysWOW64\dllhost.exe|
It's how ransomware protection and access control works. They block access to protected folders for all apps except allowed ones. We have whitelisted some safe system files and they can write to protected folders too but we cannot whitelist files like dllhost.exe - they are legit system files but they can be used to host malicious dll, for instance, which would encrypt all your files.