Sysinfo.ocx being flagged as a worm?

Hello,

I have multiple clients at multiple sites that have started getting a "worm" in the form of the c:\windows\syswow64\sysinfo.ocx file.  MSE and Windows Defender both flag this file as a worm if they have the definitions that were created on 3/31 at 3:13am CST.  Anyone else having a similar issue?

 

Last updated May 7, 2019

We are getting it as well. It seems that the last FEP definition update started flagging this on all machines. 

Once the machines updated to: 1.239.494.0 is when the issue started. Even on freshly out of the box machines. 

EDIT:

According to a forum post on Reddit, Microsoft is stating it's a false positive.

So far it's hit a good number of machines on us. 

38 people were helped by this reply

Same here also, just had to re-install the file on 20 machines and add the exclusion to MSE.

I tried an exclusion of %programfiles%\Blackbaud.

That failed.

Today I have added %windir%\SysWOW64\sysinfo.ocx exclusion into System Center.

I have to run for now.

I will check on it tomorrow and hope it works out.

1 person was helped by this reply

The sysinfo.ocx is in SYSTEM32 on Windows 7 32-bit machines. So you might want to add that as well.

Thanks for the idea. I do have some 32-bit machines. When I look at the Endpoint Protection log I see it is getting false positives there too.

Thank you.

Can you please tell me where you got the file?

I have also deleted the false threat, and now what can I do to repair this?

Thanks
