Hi.
We have F-Secure antivirus and yesterday some files from Windows NCPA agents (version 2.2.2) werer identified as possible malware code.
For now these 2 files were found:
ObjectName (custom) C:\Program Files (x86)\Nagios\NCPA\library.zip\[518] py_compile.pyc
ObjectName (custom) C:\Program Files (x86)\Nagios\NCPA\library.zip\[599] sysconfig.pyc
Is this actually has to do something with malware or are these false positives and we can white liste these files?
Thank you for your help.
Best regards, Aljaž
Windows NCPA agent files detected as possible malware
-
alipoglavsek
- Posts: 13
- Joined: Fri Nov 13, 2020 6:37 am
Re: Windows NCPA agent files detected as possible malware
This is the first I've seen this, that library.zip file contains those files on my system as well and is distributed with NCPA (it's essentially the python libraries need for NCPA).
Can you 7zip that C:\Program Files (x86)\Nagios\NCPA\library.zip file and PM it to me so that I can analyze it?
EDIT: I installed f-secure safe and scanned it and it did not get flagged with NCPA 2.2.2 or NCPA 2.3.1.
Can you 7zip that C:\Program Files (x86)\Nagios\NCPA\library.zip file and PM it to me so that I can analyze it?
EDIT: I installed f-secure safe and scanned it and it did not get flagged with NCPA 2.2.2 or NCPA 2.3.1.
-
alipoglavsek
- Posts: 13
- Joined: Fri Nov 13, 2020 6:37 am
Re: Windows NCPA agent files detected as possible malware
Hi,
you have files on PM.
Thank you.
BRA
you have files on PM.
Thank you.
BRA
Re: Windows NCPA agent files detected as possible malware
Thank you, the file hash matches and it looks like it is a false positive. We don't get into recommending AV/malware exclusions by policy but you should reach out to F-Secure and see what options you have for this in their product.