+34 900 840 407
support@cytomic.ai

Trj/RansomDecoy.A false positive detections with Advanced EPDR/EDR

Related Products_
  • Advanced EPDR
  • Advanced EDR
Issue Status_

Resolved in Hotfix / v.8.00.24.X

Description_

Trj/RansomDecoy.A false positive detections with Advanced EPDR/EDR products.

Solution/Workaround_

Apply the available hotfix on the affected endpoint. If after applying the hotfix you still see Trj/RansomDecoy.A detections, contact Support.

  1. Download and save the hotfix file to the endpoint:
    hf-wgua4287-wpdecoy-systemprocess.exe
  2. Double-click the downloaded file.
  3. The hotfix installation does not require restarting the computer. However, under certain circumstances, you may be prompted to restart for the hotfix to be fully applied. If you cannot restart the computer right away, select No when prompted. This postpones the application of the hotfix until the next system restart.

Note: To download an unattended or silent version of the hotfix, click here. The hotfix is applied after the next system restart.

Release Notes
Find all the changes the hotfix includes.

Affected versions

From v8.00.22.0010 to v8.00.23.0001 (inclusive)

To see your Advanced EPDR/EDR version, see this article.

File Details
The hotfix updates the following file:

  • File name: WPDecoy.dll
  • Location: C:\Program Files (x86)\Panda Security\WAC\WPDecoy.dll
  • File Version: 2.1.0.22
  • Modified Date: October 14th, 2024
  • Hotfix to be included in future versions? Yes (v8.00.23.0002)

Verify Hotfix Application
To confirm that the hotfix was applied correctly, check the file version (see the File Details section) or verify the values of these Registry keys:

32-bit architecture

  • Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_WPDecoy Revision [REG_DWORD]
    Value: 8
  • Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\Setup\Hotfix history\HF_WPDecoy Result [REG_DWORD]
    Value: 0 = Success, 1 = Not Applied, 2 = Error, 9 = On Reboot Operation

64-bit architecture

  • Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WPDecoy Revision [REG_DWORD]
    Value: 8
  • Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WPDecoy Result [REG_DWORD]
    Value: 0 = Success, 1 = Not Applied, 2 = Error, 9 = On Reboot Operation
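
A PowerShell check for the file version and Registry values listed above, as an added example that is not part of the original article or the vendor's own tooling. It assumes that HF_WPDecoy is the key and that Revision and Result are value names under it, that a file version of 2.1.0.22 or later counts as patched, and that PowerShell 3.0 or later is available; the function name Get-WPDecoyHotfixStatus is hypothetical.

```powershell
# Added example. Expected values come from this article; the key/value-name
# split and the "2.1.0.22 or later" rule are assumptions.
$ExpectedRevision    = 8
$ExpectedFileVersion = [version]'2.1.0.22'
$DllPath  = 'C:\Program Files (x86)\Panda Security\WAC\WPDecoy.dll'
$KeyPaths = @(
    'HKLM:\SOFTWARE\Panda Software\Setup\Hotfix history\HF_WPDecoy',             # 32-bit
    'HKLM:\SOFTWARE\WOW6432Node\Panda Software\Setup\Hotfix history\HF_WPDecoy'  # 64-bit
)
$ResultText = @{ 0 = 'Success'; 1 = 'Not Applied'; 2 = 'Error'; 9 = 'On Reboot Operation' }

function Get-WPDecoyHotfixStatus {
    # Use whichever hotfix-history key exists on this machine.
    $keyPath  = $KeyPaths | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    $revision = $null
    $result   = $null
    if ($keyPath) {
        $props    = Get-ItemProperty -LiteralPath $keyPath
        $revision = $props.Revision
        $result   = $props.Result
    }

    # Build the version from the numeric parts so formatting quirks in the
    # FileVersion string do not break the comparison.
    $fileVersion = $null
    if (Test-Path -LiteralPath $DllPath) {
        $vi = (Get-Item -LiteralPath $DllPath).VersionInfo
        $fileVersion = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart,
            $vi.FileMinorPart, $vi.FileBuildPart, $vi.FilePrivatePart)
    }

    $resultLabel = if ($null -eq $result) { 'Not found' }
                   elseif ($ResultText.ContainsKey([int]$result)) { $ResultText[[int]$result] }
                   else { "Unknown ($result)" }

    [pscustomobject]@{
        RegistryKey = $keyPath
        Revision    = $revision
        Result      = $resultLabel
        FileVersion = $fileVersion
        RegistryOk  = ($revision -eq $ExpectedRevision -and $result -eq 0)
        FileOk      = ($null -ne $fileVersion -and $fileVersion -ge $ExpectedFileVersion)
    }
}

Get-WPDecoyHotfixStatus | Format-List
```

A Result of On Reboot Operation with RegistryOk false means the hotfix is waiting for the next system restart, as described in step 3 of the installation procedure.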


Installation requirements of products based on Cytomic Platform for Windows

Related Products_
  • Cytomic EPDR
  • Cytomic EDR
Supported Operating Systems_

Workstations

  • Windows XP 32-bits SP3
  • Windows Vista (32 and 64-bits)
  • Windows 7 (32 and 64-bits)
  • Windows 8 (32 and 64-bits)
  • Windows 8.1 (32 and 64-bits)
  • Windows 10 (32 and 64-bits)

Servers

  • Windows 2003 (32, 64-bits and R2) SP2 and later
  • Windows 2008 (32 and 64-bits) and 2008 R2
  • Windows Small Business Server 2011, 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Server Core 2008, 2008 R2, 2012 R2, 2016 and 2019
Hardware Requirements_
  • Processor: CPU with x86 or x64 architecture and support for at least SSE2
  • RAM: 1 Gbyte
  • Free disk space for the installation: 650 Mbytes
Requirements for Windows Exchange Platforms_

Supported operating systems

  • Exchange 2003: Windows Server 2003 32-bits SP2+ and Windows Server 2003 R2 32-bits
  • Exchange 2007: Windows Server 2003 64-bits SP2+, Windows Server 2003 R2 64-bits, Windows 2008 64-bits and Windows 2008 R2
  • Exchange 2010: Windows 2008 64-bits and Windows 2008 R2
  • Exchange 2013: Windows Server 2012 and Windows Server 2012 R2
  • Exchange 2016: Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016.
  • Exchange 2019: Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019.

Hardware and software requirements

The hardware requirements to install the protection on Exchange servers are the ones determined by the Exchange Server.

Exchange versions supported

  • Microsoft Exchange Server 2003 Standard and Enterprise (SP1 / SP2)
  • Microsoft Exchange Server 2007 Standard and Enterprise (SP0 / SP1 / SP2 / SP3)
  • Microsoft Exchange Server 2007 included in Windows SBS 2008
  • Microsoft Exchange Server 2010 Standard and Enterprise (SP0 / SP1 / SP2)
  • Microsoft Exchange Server 2010 included in Windows SBS 2011
  • Microsoft Exchange Server 2013 Standard and Enterprise
  • Microsoft Exchange Server 2016 Standard and Enterprise
  • Microsoft Exchange Server 2019 Standard and Enterprise