12-27-2017 09:52 AM
10 different vendors classifies a file (hp_104xfwupg1520_131025101126.exe) inside update sp81969.exe as trojan/malware.
12-30-2017 12:19 PM
Thank you for posting in the HP Support forum @bubler
Sorry for the delay in the reply.
The file is clean. It is classified by these vendors by mistake - as you can see, the detection is not definite , it's heuristic type "Unsafe" / "High confidence" / "Suspicious" - it has no specific malware name.
It is detected by let's say "less reputable" vendors.
Antivirus have many different methods for detecting malicious code/viral and non-viral malicious code. Some are definitions for concrete detections. Others are behaviour analysis, heuristic analysis, intrustion prevention detection, etc... The effectiveness of heuristic analysis may be high re. catching new threats, but the effectiveness is fairly ~low regarding accuracy and the number of false positives/false detections. Here is more info about the AV heuristics >> https://en.wikipedia.org/wiki/Heuristic_analysis
Hope this helps!
**** Mark this post as an ACCEPTED SOLUTION if it helps **** Thanks !
I am not employed by HP Inc. **** I express personal opinion only. **** HP Expert **** I work in IT and cyber security
01-15-2018 12:29 AM
API Name: SetWindowsHookExA Address: 0x00077c42
Params: [4294967295, 0x77a81, 0x0, 3292]
Imagepath: C:\Users\admin\AppData\Local\Temp\~sfx0072B99E5C\ASM104FWUpdate.exe DLL Name: user32.dll
hi, apart of the "less reputate" AV vendors. i noticed there is a keylogging activitiy as shown above which was retrieved from the sandbox analysing report. why is it so that it need such a control?