What is infectionalert.type.7

Aspirant

Re: What is infectionalert.type.7

So how do I determine which app is calling this process and allow this app?

Aspirant

Re: What is infectionalert.type.7

Seems like you should be able to differentiate between legitimate and malicious behavior. For example, my users can't save attached images or scans to their own folders. That leaves me the choice of either unprotecting the folder or allowing the file which, as you have just observed, can run malicious code.

Novice

Re: What is infectionalert.type.7

Same type of thing here. 2 hosts on a network I've been brought in to look after report in on c:\windows\system32\Sihost.exe and a DLL in C:\windows\syswow64.

 

F-Secure seems to detect and block, but doesn't seem to take the process any further, so some days I'll get a flurry of reports, and on others maybe I won't get any. What should I do to take the cleaning process further: actually rooting this thing out, if it is an infection, or determining if it's safe and simply allowing it?

 

Begin Paste--

F-Secure Protection Service for Business has identified the following security incidents:
Time|Account|Host|Infection|Action|Type|Infected Object|Infected Object SHA1
Mon, 21 January 2019 16:50:33 UTC|Khorshidi Law Firm, APC|PC||Blocked|infectionalert.type.7|C:\Windows\System32\sihost.exe|

--End Paste

 

That's all for now. Thanks!