Trj/RansomDecoy.A detection in Advanced EPDR/EDR

Trj/RansomDecoy.A detection in Advanced EPDR/EDR

By July 17, 2023EDR, EPDR, Support
+34 900 840 407
support@cytomic.ai

Trj/RansomDecoy.A detection in Advanced EPDR/EDR

Related products_
  • Advanced EPDR
  • Advanced EDR
Issue status_
  • Tracking ID: WGUA 1546
  • Status: Resolved
  • Type of solution: Hotfix
Symptoms_

Under certain circumstances, Advanced EPDR/EDR products may return a false detection of Trj/RansomDecoy.A in temporary user profiles on Windows endpoints with Advanced EPDR/EDR protection versions 8.00.21.XXXX or 8.00.22.XX12.

Solution_

To discard that it is a false positive detection, apply the available hotfix on the affected endpoint.

  1. Download and save the hotfix file to the endpoint:
    hotfix_decoy_defender_tempfolders_gui_8.00.21.x.exe
  2. Double-click the downloaded file.
  3. If prompted, to fully apply the hotfix, restart the endpoint.

Note: To download an unattended or silent version of the hotfix, click here.