none
Malware detected ( PUA: Win32/InstallCore) on signature version 1.263.1897.0 but not picked on previous version

    Question

  • Hi All,

    Need assistance to understand that Malware detected on Endpoint protection on Signature version 1.263.1897.0 but couldn't detected on previous any of version and system is schedule every week full scan.

    the file which caught under malware is placed more than 90 days

       Here is event for same

    Microsoft Antimalware has detected malware or other potentially unwanted software.

    For more information please see the following:

    http://go.microsoft.com/fwlink/?linkid=37020&name=PUA:Win32/InstallCore&threatid=213927

    Name: PUA:Win32/InstallCore

    ID: 213927

    Severity: Severe

    Category: Potentially Unwanted Software

    Path: file:_C:\Users\username\Downloads\FileZilla_3.14.1_win64-setup.exe

    Detection Origin: Local machine

    Detection Type: Concrete

    Detection Source: System

    User: NT AUTHORITY\NETWORK SERVICE

    Process Name: Unknown

    Signature Version: AV: 1.263.1897.0, AS: 1.263.1897.0, NIS: 119.0.0.0

    Engine Version: AM: 1.1.14600.4, NIS: 2.1.14600.4

    Wednesday, April 04, 2018 2:44 AM

All replies

  • You'll need to contact Microsoft directly to get an explicit answer in this; however, note that this isn't an alert for Malware, it's for "potentially unwanted software". This means that the software installer bundles other software besides just the main application that you intended and this may be undesirable but not necessarily malicious.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Wednesday, April 04, 2018 2:17 PM