Configuration Manager Malware Detected Alert: Malware detection alert

  • Question

  • Hi all,

    Every day, I receive an alert from a user like this:

    System Center Endpoint Protection has detected malware on one or more computers in your organization

    Collection name: XXXXX

    Malware Name: Worm:Win32/Conficker.C
    Number of infections: 1
    Last detection time(UTC time): 5/18/2017 6:20:40 AM

    These are the infections of this malware:
    1. Computer name: XXXXX
    Domain: XXXXXX
    Detection time(UTC time): 5/18/2017 6:20:40 AM
    Malware file path: file:_C:\Users\XXXXX\Google Drive\.tmp.drivedownload\tmps_bbad.drivedownload
    Remediation action: NoAction
    Action status: Succeeded
    To view further information about malware activity in your organization, run Malware Details Report.

    Note: No additional Malware Detection alerts will be generated for these computers if no new infections are found in the next 24 hours.

    So it seems that the malware is not removed, probably because Google Drive tries to import the file every day from the cloud to the desktop.

    I have no idea how to deal with this situation in order to stop receiving the alert (meaning the malware is cleaned).

    Your help will be useful,

    Thursday, May 18, 2017 11:23 AM

Answers

  • First of all, I will take the affected computer offline and then run a full scan of all the files to be sure that no threat exists.

    Then I will log off the Google account, bring the computer back online and keep monitoring to see whether the alert still comes.

    If not, then it might be that there are dangerous files in the Google cloud drive. Ask the user to clean it out before he can log in to the Google account.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Frank Dong Wednesday, May 24, 2017 3:11 PM
    • Proposed as answer by Frank Dong Thursday, June 15, 2017 1:57 PM
    • Marked as answer by Gerry HampsonMVP Sunday, August 27, 2017 6:57 PM
    Wednesday, May 24, 2017 3:10 PM
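
For the "keep monitoring" step, the daily alert bodies can be correlated to show which computers keep reporting the same malware from the same folder with remediation action NoAction. This is an added example, not code from the thread or from Configuration Manager; it goes beyond the single alert quoted above by comparing several days, and it assumes the alert bodies were saved as text in the layout shown in the question and that the sync client's temporary file name may change between attempts (hence grouping by folder). All sample values are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed alert bodies in the layout of the e-mail quoted in the question;
# host, domain, user and file names are placeholders, not values from the thread.
TEMPLATE = """Malware Name: Worm:Win32/Conficker.C
These are the infections of this malware:
1. Computer name: {host}
Domain: EXAMPLE
Detection time(UTC time): {when}
Malware file path: file:_C:\\Users\\alice\\Google Drive\\.tmp.drivedownload\\{name}
Remediation action: {action}
Action status: Succeeded
"""
SAMPLE_ALERTS = [TEMPLATE.format(host=h, when=w, name=n, action=a) for h, w, n, a in [
    ("PC-01", "5/16/2017 6:20:40 AM", "tmp_a.drivedownload", "NoAction"),
    ("PC-01", "5/17/2017 6:21:02 AM", "tmp_b.drivedownload", "NoAction"),
    ("PC-01", "5/18/2017 6:20:40 AM", "tmp_c.drivedownload", "NoAction"),
    ("PC-02", "5/18/2017 9:02:11 AM", "tmp_d.drivedownload", "NoAction"),
    ("PC-03", "5/17/2017 1:15:00 PM", "tmp_e.drivedownload", "NoAction"),
    ("PC-03", "5/18/2017 1:15:30 PM", "tmp_f.drivedownload", "Quarantine"),
]]

# "Key: value" lines, with an optional "1. " list prefix before the key.
FIELD = re.compile(r"^\s*(?:\d+\.\s*)?([^:\n]+?):[ \t]*(.*)$", re.M)
WANTED = {"detection time(utc time)": "time", "malware file path": "path",
          "remediation action": "action"}

def parse_alert(text):
    """Return one dict per infection listed in a single alert body."""
    malware, infections = None, []
    for key, value in FIELD.findall(text):
        key, value = key.strip().lower(), value.strip()
        if key == "malware name":
            malware = value
        elif key == "computer name":          # starts a new infection entry
            infections.append({"malware": malware, "computer": value})
        elif infections and key in WANTED:
            infections[-1][WANTED[key]] = value
    return infections

def recurring_unremediated(alerts, min_days=2):
    """Groups seen on min_days+ distinct days where every action was NoAction."""
    days, actions = defaultdict(set), defaultdict(set)
    for inf in (i for text in alerts for i in parse_alert(text)):
        # Group by folder: the temp file name is assumed to vary per sync attempt.
        folder = inf["path"].replace("file:_", "", 1).rsplit("\\", 1)[0].lower()
        key = (inf["computer"], inf["malware"], folder)
        days[key].add(datetime.strptime(inf["time"], "%m/%d/%Y %I:%M:%S %p").date())
        actions[key].add(inf["action"])
    return sorted(k for k in days if len(days[k]) >= min_days and actions[k] == {"NoAction"})
```

With the constructed sample, only PC-01 is reported: PC-02 was seen on a single day and PC-03 had one detection quarantined.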