This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

false positive - dasHost.exe identified as ransomware

The md5 hash of this file, 66CFAA5940A06DAF10F5203BC2B1A5AB, is detected on 65+ Windows 8.1 hosts on our network. The Device Association Framework Provider Host is a legitimate part of Windows 8 & does not exhibit any odd behavior when executed inside a sandbox. This is the alert received in the cloud console:

High alert received from Sophos Central: CryptoGuard detected ransomware in C:\Windows\System32\dasHost.exe

I have opened a support case regarding this issue a couple of days ago but have not yet received a satisfactory answer.

-Gary

This thread was automatically locked due to age.

Parents

JamiePassalacqua over 8 years ago

same here, opened a ticket. also the link to get support on the Sopho Central site brings me to a "Page Not Found"....
Cancel
Vote Up 0 Vote Down

Cancel
gdriggs over 8 years ago in reply to JamiePassalacqua

We are now seeing these on Windows 8.1 endpoints as well.
Cancel
Vote Up 0 Vote Down

Cancel
Aditya Patel over 8 years ago in reply to gdriggs

HI gdriggs,

This will be resolved in the next release .

No ETA of the release date.

Thanks

Aditya Patel

Regards,

Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
David Coombe over 7 years ago in reply to Aditya Patel

I just got one today on a Windows 10 box.
Cancel
Vote Up 0 Vote Down

Cancel
Jayden Ashworth over 6 years ago in reply to Aditya Patel

2 and a half years later - has that fix came out yet? This issue is still occurring.
Cancel
Vote Up 0 Vote Down

Cancel
Aditya Patel over 6 years ago in reply to Jayden Ashworth

Hello Jayden Ashworth

The issue is resolved since 28th June 2017. If you do encounter the same issue, kindly let us know and will shall check again.

Regards,

Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel
Jayden Ashworth over 6 years ago in reply to Aditya Patel

Aditya Patel said:
Hello
If you do encounter the same issue, kindly let us know and will shall check again.

Seriously? What part of "This issue is still occurring." did you have trouble with?

Yes. Same problem. Twice within one week. System administrators kick the computers from the network whenever Sophos reports anything.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Jayden Ashworth over 6 years ago in reply to Aditya Patel

Aditya Patel said:
Hello
If you do encounter the same issue, kindly let us know and will shall check again.

Seriously? What part of "This issue is still occurring." did you have trouble with?

Yes. Same problem. Twice within one week. System administrators kick the computers from the network whenever Sophos reports anything.
Cancel
Vote Up 0 Vote Down

Cancel

Children

Aditya Patel over 6 years ago in reply to Jayden Ashworth

Hello Jayden Ashworth,

It does seem this issue would need to be investigated, could you please raise a Support Case with Sophos Support?

Regards,

Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Cancel
Vote Up 0 Vote Down

Cancel

false positive - dasHost.exe identified as ransomware

Submitted a Tech Support Case lately from the Support Portal?