What is infectionalert.type.7


Re: What is infectionalert.type.7

So how do I determine which app is calling this process and allow this app?


Re: What is infectionalert.type.7

 Seems like you should be able to differentiate between legitimate and malicious behavior. For example, my users can't save attached images or scans to their own folders. That leaves me the choice of either unprotecting the folder or allowing the file which, as you have just observed, can run malicious code. 


Re: What is infectionalert.type.7

Same type of thing here. 2 hosts on a network I've been brought in to look after report in on c:\windows\system32\Sihost.exe and a DLL in C:\windows\syswow64


Fsecure seems to detect and block, but doesn't seem to take the process any further, so some days I'll get a flurry of reports, on others, maybe I won't get any. What to do to take the cleaning process to actually rooting this thing out--if an infection-- or determining if it's safe and simply allowing it?


Begin Paste--

F-Secure Protection Service for Business has identified the following security incidents:
Time|Account|Host|Infection|Action|Type|Infected Object|Infected Object SHA1
Mon, 21 January 2019 16:50:33 UTC|Khorshidi Law Firm, APC|PC||Blocked|infectionalert.type.7|C:\Windows\System32\sihost.exe|

--End Paste


That's all for now. Thanks!