Create an account on the HP Community to personalize your profile and ask a question
11-05-2022 07:51 AM
Hello HP Pals,
Only for the last two weeks or so, HP Wolf Security has been flagging what appear to be
incoming email messages via Thunderbird and Quarantining them.
The files are in this path:
and they are designated like this in HP Wolf Security: C:\Users\Mark\AppData\Local\Temp\newmsg
I've located the 4 Quarantined files in this path:
And uploaded each of the 4 under 15k files to VirusTotal.com -- All came back clean.
Not sure why this started doing this. Been using both Thunderbird and Wolf Security for at least a couple of years.
Anyone seeing this? Not sure how to stop it if they are false positives and not sure if they even ARE false positives.
Thanks so much!
Some Related Wolf Security Log Info with the term "newmsg" is here:
data_collector.cpp<2092>:UpdateCloudResult(): Failed to add to database: C:\Users\Mark\AppData\Local\Temp\newmsg
2022-11-05 08:49:28.089-04:00[01:12.802] P06936T08304 BemSvc:monevents flt.cpp<868>:get_scan_result(): Cloud check result for scan id = 411, file C:\Users\Mark\AppData\Local\Temp\newmsg, cloud result = 0
2022-11-05 08:49:28.089-04:00[01:12.805] P06936T01712 BemSvc:monanalysis event_store_db.cpp<985>:StoreCloudResult(): StoreCloudResult: md5 hash: sha1 hash: sha256 hash: E5043B3F2C241B2D18A5174194F561006DFFA0FE68869F87B83CD454B6363E97 Cloud result: 0 Cloud name: Process Path ID: 3 Process ID 13884 Process name C:\Users\Mark\AppData\Local\Temp\newmsg
2022-11-05 08:49:28.089-04:00[01:12.806] P06936T01712 BemSvc:monanalysis event_monitor.cpp<354>:StoreEvent(): Alert required for circle: 207. Trigger Event ID: 3
2022-11-05 08:49:28.089-04:00[01:12.806] P06936T08304 BemSvc RemediationManager.cpp<788>:QuarantineFileHandle(): Quarantining 'C:\Users\Mark\AppData\Local\Temp\newmsg' to 'C:\ProgramData\Bromium\BEM\Quarantine\E5043B3F2C241B2D18A5174194F561006DFFA0FE68869F87B83CD454B6363E97_72cec20e'; scan_id = 411
2022-11-05 08:49:28.089-04:00[01:12.807] P06936T01712 BemSvc:monanalysis XevtsGraph.cpp<703>:FillFileProperties(): Query for Hash Data for PathID: 2 EndTime: 133121261622675423
2022-11-05 08:49:28.089-04:00[01:12.807] P06936T01712 BemSvc:monanalysis
11-07-2022 06:29 AM
Hello Again HP Pals!
I am now getting the Quarantined message warning
at least once a day for files called:
The files are very small files that appear to be email messages.
They've been uploaded to VirusTotal.com and are "clean", but HP Wolf Security
doesn't seem to agree. I don't recall any other instance of false positives, so I'm
reluctant to ignore HP Wolf Security.
Problem is, HP Wolf Security doesn't give enough information to really know what is going on with the files!
Just tells you "Malware", the "Path" and a "Hash" of the file.
What concerns me is not knowing if I'm actually missing important emails.
There are now six of them in quarantine, but never any before.
Anyone have any sense of how to view these files safely?
Thanks so much!!
Didn't find what you were looking for? Ask the community