Sysinfo.ocx being flagged as a worm?

Hello,

I have multiple clients at multiple sites that have started getting a "worm" in the form of the c:\windows\syswow64\sysinfo.ocx file.  MSE and Windows Defender both flag this file as a worm if they have the definitions that were created on 3/31 at 3:13am CST.  Anyone else having a similar issue?

We are getting it as well. It seems that the last FEP definition update started flagging this on all machines. 

Once the machines updated to: 1.239.494.0 is when the issue started. Even on freshly out of the box machines. 

EDIT:

According to forum post on Reddit, Microsoft is stating it's a false positive. 

So far it's hit a good number of machines on us. 

38 people found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Hello,

I have multiple clients at multiple sites that have started getting a "worm" in the form of the c:\windows\syswow64\sysinfo.ocx file.  MSE and Windows Defender both flag this file as a worm if they have the definitions that were created on 3/31 at 3:13am CST.  Anyone else having a similar issue?

Same here also, just had to re-install the file on 20 machines and add the exclusion to MSE.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

I tried an exclusion of %programfiles%\Blackbaud.

That failed.

Today I have added %windir%\SysWOW64\sysinfo.ocx exclusion into System Center.

I have to run for now.

I will check on it tomorrow and hope it works out.

1 person found this reply helpful

·

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

the sysinfo.ocx is in SYSTEM32 on windows 7 machines 32b. So you might want to add that as well. 

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Thanks for the idea. I do have some 32bit machines. When I look at the Endpoint Protection log I see it is getting false positives there too.

Thank you.

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

Can you please tell me where did you get the file?

I have deleted also the false threat and now what can i do to repair this?

Thanks

Was this reply helpful?

Sorry this didn't help.

Great! Thanks for your feedback.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this reply?

Thanks for your feedback.

 
 

Question Info

Last updated May 7, 2019 Views 1,984 Applies to: