Ashley_Black
Contributor

HEUR:Exploit.Multi.DrvDoc.gen

We have had a number of calls today for Check Point detecting

"C:\ProgramData\CheckPoint\Endpoint Security\TPCommon\Updater\ATPS\Working\652743B2ED95EABB5DE5D88CDC51BF9E396216CD\cuckoo\protections\general\UID612340.pyc" as HEUR:Exploit.Multi.DrvDoc.gen
 
Currently working under the assumption of a false positive, but trying to verify with Check Point support.
 
Anyone else getting this today? 
2 Replies
Ashley_Black
Contributor

Hamad_Altaf
Explorer

Observed this and verified with TAC as a false positive. As per TAC, the signature should be updated in the next couple of hours.