Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 1784 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

What is ssh/encpk-MV ?

Blossom

I've got three suspicious file detections showing on my 9.7 SEC  for ssh/encpk-MV but going to the link for ssh/encpk-MV from the SEC doesn't find anything (it's really annoying when the SEC shows something and one clicks on it for more information and the Sophos end finds nothing!).

The first was detected on the afternoon of the 8th, one yesterday morning and the other yesterday evening.

The file in question is consistently C:\Windows\winsxs\Temp\PendingRenames\192608586f3dcc013a7e00004c04ac04.x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747_rpcss.dll_fd3e269b

Anyone know what this suspicious file is and/or about the behaviour of ssh/encpk-MV so I can decide whether it's something I might want to allow and not get told about?

Thanks

:14785


This thread was automatically locked due to age.
Parents
  • 0

    Minor correction - it is called Shh/EncPk-MV, seems to get detected during Windows updates. When I browsed to the \winsxs\Temp\PendingUpdates\ folder it was no longer there though (and consequently the alert was removed).

    BTW: Got a few detections of Mal/EncPk-OJ - seems to be caused by an updated detection (as the analysis is from 2010) and complains about uninstallers (which probably have been around for some time on the clients).

    Christian

    :14799
Reply
  • 0

    Minor correction - it is called Shh/EncPk-MV, seems to get detected during Windows updates. When I browsed to the \winsxs\Temp\PendingUpdates\ folder it was no longer there though (and consequently the alert was removed).

    BTW: Got a few detections of Mal/EncPk-OJ - seems to be caused by an updated detection (as the analysis is from 2010) and complains about uninstallers (which probably have been around for some time on the clients).

    Christian

    :14799
Children
No Data