
What is ssh/encpk-MV ?

I've got three suspicious file detections showing on my 9.7 SEC for ssh/encpk-MV, but going to the link for ssh/encpk-MV from the SEC doesn't find anything (it's really annoying when the SEC shows something and one clicks on it for more information and the Sophos end finds nothing!).

The first was detected on the afternoon of the 8th, one yesterday morning and the other yesterday evening.

The file in question is consistently C:\Windows\winsxs\Temp\PendingRenames\192608586f3dcc013a7e00004c04ac04.x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747_rpcss.dll_fd3e269b

Anyone know what this suspicious file is and/or about the behaviour of ssh/encpk-MV so I can decide whether it's something I might want to allow and not get told about?

Thanks

  • Hello Blossom,

    Might be a detection created over the weekend, can't find an analysis yet. The SSH prefix is new to me, but EncPk suggests that it's based on generic detection, and among the actions for these is usually "Please send a sample" - if possible, do so (you might also want to contact Support in addition to submitting the sample).

    Christian

  • Thanks, will follow that up.

  • Minor correction - it is called Shh/EncPk-MV, seems to get detected during Windows updates. When I browsed to the \winsxs\Temp\PendingUpdates\ folder it was no longer there though (and consequently the alert was removed).

    BTW: Got a few detections of Mal/EncPk-OJ - seems to be caused by an updated detection (as the analysis is from 2010) and complains about uninstallers (which probably have been around for some time on the clients).

    Christian

  • Apologies for the typo in the detection name.

    Yes, the file appears to be related to Windows updates, and no longer a problem.

    Thanks for your help.
