• ×
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
  • ×
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
Are you having hardware issues? Click here for tips and tricks.
Check out our WINDOWS 11 Support Center info about: OPTIMIZATION, KNOWN ISSUES, FAQs, VIDEOS AND MORE.
HP Recommended
Microsoft Windows 10 (64-bit)

Hello HP Pals,


Only for the last two weeks or so, HP Wolf Security has been flagging what appear to be 

incoming email messages via Thunderbird and Quarantining them.


The files are in this path:


and they are designated like this in HP Wolf Security: C:\Users\Mark\AppData\Local\Temp\newmsg 


I've located the 4 Quarantined files in this path:



And uploaded each of the 4 under 15k files to VirusTotal.com -- All came back clean.


Not sure why this started doing this. Been using both Thunderbird and Wolf Security for at least a couple of years.


Anyone seeing this? Not sure how to stop it if they are false positives and not sure if they even ARE false positives.


Thanks so much!


- IntoTheLight


Some Related Wolf Security Log Info with the term "newmsg" is here:


data_collector.cpp<2092>:UpdateCloudResult(): Failed to add to database: C:\Users\Mark\AppData\Local\Temp\newmsg
2022-11-05 08:49:28.089-04:00[01:12.802] P06936T08304 BemSvc:monevents flt.cpp<868>:get_scan_result(): Cloud check result for scan id = 411, file C:\Users\Mark\AppData\Local\Temp\newmsg, cloud result = 0
2022-11-05 08:49:28.089-04:00[01:12.805] P06936T01712 BemSvc:monanalysis event_store_db.cpp<985>:StoreCloudResult(): StoreCloudResult: md5 hash: sha1 hash: sha256 hash: E5043B3F2C241B2D18A5174194F561006DFFA0FE68869F87B83CD454B6363E97 Cloud result: 0 Cloud name: Process Path ID: 3 Process ID 13884 Process name C:\Users\Mark\AppData\Local\Temp\newmsg
2022-11-05 08:49:28.089-04:00[01:12.806] P06936T01712 BemSvc:monanalysis event_monitor.cpp<354>:StoreEvent(): Alert required for circle: 207. Trigger Event ID: 3
2022-11-05 08:49:28.089-04:00[01:12.806] P06936T08304 BemSvc RemediationManager.cpp<788>:QuarantineFileHandle(): Quarantining 'C:\Users\Mark\AppData\Local\Temp\newmsg' to 'C:\ProgramData\Bromium\BEM\Quarantine\E5043B3F2C241B2D18A5174194F561006DFFA0FE68869F87B83CD454B6363E97_72cec20e'; scan_id = 411
2022-11-05 08:49:28.089-04:00[01:12.807] P06936T01712 BemSvc:monanalysis XevtsGraph.cpp<703>:FillFileProperties(): Query for Hash Data for PathID: 2 EndTime: 133121261622675423
2022-11-05 08:49:28.089-04:00[01:12.807] P06936T01712 BemSvc:monanalysis




HP Recommended

Hello Again HP Pals!


I am now getting the Quarantined message warning

at least once a day for files called: 




The files are very small files that appear to be email messages.


They've been uploaded to VirusTotal.com and are "clean", but HP Wolf Security

doesn't seem to agree. I don't recall any other instance of false positives, so I'm 

reluctant to ignore HP Wolf Security.


Problem is, HP Wolf Security doesn't give enough information to really know what is going on with the files!


Just tells you "Malware", the "Path" and a "Hash" of the file. 


What concerns me is not knowing if I'm actually missing important emails. 


There are now six of them in quarantine, but never any before.


Anyone have any sense of how to view these files safely?


Thanks so much!!





† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.