lascetic

oem.exe false positive

3 posts in this topic

There is this file oem.exe located at C:\Users\[username]\AppData\Local\Kingsoft\WPS Office\10.1.0.5552\office6\cfgs\oeminfo that SAS detects as a trojan. However, I believe it to be a false positive, as it comes together with WPS Office, which I have downloaded and installed from their original site.

On VirusTotal, only SAS detects it as malware: https://www.virustotal.com/en/file/5c265b933456ab42d327cba8f8f180c81521baeb008569e335740fdec7457c94/analysis/1461065930/

Please look into it. Thanks a lot.


Hello lascetic,

I have done some investigation and I believe I have found the cause of this false detection. I have adjusted the definition database and this file should no longer be detected as of database version 12603, which was just released.

Update to 12603 and scan again (a restart of SAS may be required).

Please let me know if this resolves the false detection, or if you have any other questions or concerns.

Gabe

This topic is now closed to further replies.