All the HP's
Microsoft Windows 10 (64-bit)

Hi

Does anyone know what on earth HPQWare is? Is this a malicious application masquerading as legitimate HP software, or is it legitimate HP software acting like malware/spyware?

It is showing up in a hidden folder in C:\HP\.

The HPQWare folder is filled with random junk and .exe's signed by HP Inc.

The only reason I found the folder is that an installer that tried to run from C:\hpswsetup\sp114136\installer.exe was blocked by my AV. When it was running it tried resetting the folder permissions on the C:\HP folder as well as querying a bunch of registry keys and copying text files.

The VirusTotal link can be found here https://www.virustotal.com/gui/file/ad18fcd479609dfa41d79225fb31021054b34e9961d23017bf142ee9af74a120....

This file is also signed by HP Inc., which I find very concerning.

Going through the EDR events, it appears to query HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ACPI\HPIC000C.

This contains references to HPAnalyticsSoftwareKey, HP Device Health Service, FusionSoftwareKey and HP Application Enabling Services. Again, sounds like HP junkware, but there is not much information about what these are or what they do.

Any insight would be helpful as I don't want to be wiping every machine in the office to find out it is actually just HP junkware.

Kind Regards

Brad

 

2 REPLIES
HP Recommended

For me also, Falcon blocks the IOC on path "C:\hpswsetup\sp114136\install.exe -s"

ad18fcd479609dfa41d79225fb31021054b34e9961d23017bf142ee9af74a120

 
 
 
 
HP Recommended

Hi,

 

I logged a support ticket with CrowdStrike for this issue and they have confirmed that this is a false positive caused by an internal issue. This has been fixed at their end.
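
Added example, not part of any post in this thread: a PowerShell triage pass that checks the "signed by HP Inc." observation independently of the EDR verdict by validating the Authenticode signature of every .exe under the two folders named above and comparing each file's SHA-256 with the hash quoted in the thread. The folder paths and the hash come from the posts; matching the signer on the string "HP Inc" is an assumption based on the signer name the original poster reports.

```powershell
# Added triage example (not from the thread). Paths and hash are the ones quoted in the posts.
$roots      = 'C:\HP\HPQWare', 'C:\hpswsetup\sp114136'
$threadHash = 'ad18fcd479609dfa41d79225fb31021054b34e9961d23017bf142ee9af74a120'

$report = foreach ($root in $roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }

    # -Force includes hidden/system items; C:\HP is described as a hidden folder.
    Get-ChildItem -LiteralPath $root -Recurse -Force -File -Filter *.exe -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash

            [pscustomobject]@{
                Path              = $_.FullName
                SHA256            = $hash.ToLower()
                MatchesThreadHash = ($hash -ieq $threadHash)
                # 'Valid' means the file content matches the signature and the
                # certificate chain is trusted on this machine.
                SigStatus         = $sig.Status
                StatusMessage     = $sig.StatusMessage
                # SignerCertificate is $null for unsigned files, so these stay empty.
                Signer            = $sig.SignerCertificate.Subject
                Thumbprint        = $sig.SignerCertificate.Thumbprint
            }
        }
}

# Full inventory, for the ticket or incident record.
$report | Sort-Object SigStatus, Path |
    Format-Table Path, SigStatus, MatchesThreadHash, Signer -AutoSize -Wrap

# Files that need a closer look: unsigned, tampered (HashMismatch), untrusted chain,
# or signed by a publisher other than the assumed "HP Inc".
$report | Where-Object { $_.SigStatus -ne 'Valid' -or $_.Signer -notmatch 'HP Inc' } |
    Format-List Path, SHA256, SigStatus, StatusMessage, Signer, Thumbprint
```

A `Valid` status with a consistent signer thumbprint across the files only establishes that the binaries are unmodified and come from that publisher; it says nothing about what the software does.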
