topic HEUR:Exploit.Multi.DrvDoc.gen in Endpoint https://community.checkpoint.com/t5/Endpoint/HEUR-Exploit-Multi-DrvDoc-gen/m-p/122973#M4473 <P>We have had a number of calls today for checkpoint detecting&nbsp;</P><DIV>"C:\ProgramData\CheckPoint\Endpoint Security\TPCommon\Updater\ATPS\Working\652743B2ED95EABB5DE5D88CDC51BF9E396216CD\cuckoo\protections\general\UID612340.pyc" as&nbsp;HEUR:Exploit.Multi.DrvDoc.gen</DIV><DIV>&nbsp;</DIV><DIV>Currently working under the assumption of a false positive, but trying to verify with checkpoint support.</DIV><DIV>&nbsp;</DIV><DIV>Anyone else getting this today?&nbsp;</DIV> Mon, 05 Jul 2021 12:03:23 GMT Ashley_Black 2021-07-05T12:03:23Z HEUR:Exploit.Multi.DrvDoc.gen https://community.checkpoint.com/t5/Endpoint/HEUR-Exploit-Multi-DrvDoc-gen/m-p/122973#M4473 <P>We have had a number of calls today for checkpoint detecting&nbsp;</P><DIV>"C:\ProgramData\CheckPoint\Endpoint Security\TPCommon\Updater\ATPS\Working\652743B2ED95EABB5DE5D88CDC51BF9E396216CD\cuckoo\protections\general\UID612340.pyc" as&nbsp;HEUR:Exploit.Multi.DrvDoc.gen</DIV><DIV>&nbsp;</DIV><DIV>Currently working under the assumption of a false positive, but trying to verify with checkpoint support.</DIV><DIV>&nbsp;</DIV><DIV>Anyone else getting this today?&nbsp;</DIV> Mon, 05 Jul 2021 12:03:23 GMT https://community.checkpoint.com/t5/Endpoint/HEUR-Exploit-Multi-DrvDoc-gen/m-p/122973#M4473 Ashley_Black 2021-07-05T12:03:23Z Re: HEUR:Exploit.Multi.DrvDoc.gen https://community.checkpoint.com/t5/Endpoint/HEUR-Exploit-Multi-DrvDoc-gen/m-p/122988#M4475 <P>Looks like open a TAC case is the way to go according to&nbsp;<A href="https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122953" target="_blank">https://community.checkpoint.com/t5/Endpoint/Checkpoint-blocked-its-own-updater-UID612340-pyc-as-Trojan/m-p/122953</A></P><P>&nbsp;</P> Mon, 05 Jul 2021 13:47:37 GMT https://community.checkpoint.com/t5/Endpoint/HEUR-Exploit-Multi-DrvDoc-gen/m-p/122988#M4475 Ashley_Black 2021-07-05T13:47:37Z Re: HEUR:Exploit.Multi.DrvDoc.gen https://community.checkpoint.com/t5/Endpoint/HEUR-Exploit-Multi-DrvDoc-gen/m-p/122993#M4476 <P>Observed this and verified with TAC as false positive. As per TAC, signature should be updated in next couple of hours.</P> Mon, 05 Jul 2021 14:13:42 GMT https://community.checkpoint.com/t5/Endpoint/HEUR-Exploit-Multi-DrvDoc-gen/m-p/122993#M4476 Hamad_Altaf 2021-07-05T14:13:42Z