12-27-2017 09:52 AM
10 different vendors classifies a file (hp_104xfwupg1520_131025101126.exe) inside update sp81969.exe as trojan/malware.
12-30-2017 12:19 PM
Thank you for posting in the HP Support forum @bubler
Sorry for the delay in the reply.
The file is clean. It is classified by these vendors by mistake - as you can see, the detection is not definite , it's heuristic type "Unsafe" / "High confidence" / "Suspicious" - it has no specific malware name.
It is detected by let's say "less reputable" vendors.
Antivirus have many different methods for detecting malicious code/viral and non-viral malicious code. Some are definitions for concrete detections. Others are behaviour analysis, heuristic analysis, intrustion prevention detection, etc... The effectiveness of heuristic analysis may be high re. catching new threats, but the effectiveness is fairly ~low regarding accuracy and the number of false positives/false detections. Here is more info about the AV heuristics >> https://en.wikipedia.org/wiki/Heuristic_analysis
Hope this helps!
* Please, use the button to accept this post as a solution if my comment helped
IT_WinSec : I am not employed by HP Inc. I am a volunteer and I express personal opinion only. I work in IT and cyber security
01-15-2018 12:29 AM
API Name: SetWindowsHookExA Address: 0x00077c42
Params: [4294967295, 0x77a81, 0x0, 3292]
Imagepath: C:\Users\admin\AppData\Local\Temp\~sfx0072B99E5C\ASM104FWUpdate.exe DLL Name: user32.dll
hi, apart of the "less reputate" AV vendors. i noticed there is a keylogging activitiy as shown above which was retrieved from the sandbox analysing report. why is it so that it need such a control?
- HP PCs - Changing the Default Apps (Windows 10)
- Information About Support for Windows 7 or Windows 10 on 2016-2017 Business PCs
- HP PCs - How to Change or Reset Password (Windows 10)
- HP Business PCs and Tablets - Performing a Hard Reset or Forced Reset
- HP PCs, Tablets and Accessories - Using USB Type-C to Transfer Power and Data