m-sec-org/d-eyes

False positives on process scan

Closed this issue · 5 comments

D-Eyes Detection Result :

[ Risk 1 ]
[pid]:29048 [status]:Detect the risk of Malware Mimikatz Rule 1 | [path]:C:\Program Files\Google\Chrome\Application\chrome.exe [status]:safe | [args]:safe | [network]: null
[ Risk 2 ]
[pid]:15604 [status]:Detect the risk of Malware Mimikatz Rule 1 | [path]:C:\Program Files\Google\Chrome\Application\chrome.exe [status]:safe | [args]:safe | [network]: null

zitn commented

We recommend that you upload this chrome.exe file to virustotal for further testing.

zitn commented

This is a false positive, thanks for your report.

Thank you team.

D-Eyes Detection Result :

[ Risk 1 ]
[pid]:29048 [status]:Detect the risk of Malware Mimikatz Rule 1 | [path]:C:\Program Files\Google\Chrome\Application\chrome.exe [status]:safe | [args]:safe | [network]: null
[ Risk 2 ]
[pid]:15604 [status]:Detect the risk of Malware Mimikatz Rule 1 | [path]:C:\Program Files\Google\Chrome\Application\chrome.exe [status]:safe | [args]:safe | [network]: null

The status described after [pid] represents the security status of the process in memory. The status described after [path] represents the security status of the executable file on the disk corresponding to the process. The results above show that there is an issue with the process in memory, which is unrelated to the Chrome binary program (according to the results above, it is displayed as safe). In the future, you can judge the detection results based on this logic.
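The reading logic described in the comment above (first [status] is the process in memory, second [status] is the file on disk) can be applied automatically when triaging a long scan. The script below is an added example written for this issue, not code from the D-Eyes project: it parses the result lines exactly as quoted in this thread, keeps the two statuses apart, and groups the processes whose in-memory image was flagged while the on-disk binary reads safe. The field names (memory_status, disk_status, category) and the regular expression are assumptions about the output layout shown here; the sample input is constructed from the two findings in the issue.

```python
"""Parse D-Eyes process-scan output, separating in-memory status from on-disk status."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the two findings quoted in this issue, kept verbatim in a raw string.
SAMPLE_OUTPUT = r"""D-Eyes Detection Result :

[ Risk 1 ]
[pid]:29048 [status]:Detect the risk of Malware Mimikatz Rule 1 | [path]:C:\Program Files\Google\Chrome\Application\chrome.exe [status]:safe | [args]:safe | [network]: null
[ Risk 2 ]
[pid]:15604 [status]:Detect the risk of Malware Mimikatz Rule 1 | [path]:C:\Program Files\Google\Chrome\Application\chrome.exe [status]:safe | [args]:safe | [network]: null
"""

# Splitting on the "[ Risk N ]" marker (rather than on line breaks) handles both the
# one-finding-per-line layout and the flattened copy-paste layout seen in this thread.
RISK_SPLIT_RE = re.compile(r"\[\s*Risk\s+(\d+)\s*\]")

# Assumed field order, taken from the quoted output:
#   [pid]:<n> [status]:<memory> | [path]:<file> [status]:<disk> | [args]:<..> | [network]: <..>
FINDING_RE = re.compile(
    r"\[pid\]:(?P<pid>\d+)\s+\[status\]:(?P<mem>.*?)\s*\|\s*"
    r"\[path\]:(?P<path>.*?)\s+\[status\]:(?P<disk>.*?)\s*\|\s*"
    r"\[args\]:(?P<args>.*?)\s*\|\s*\[network\]:\s*(?P<net>.*?)\s*$"
)


@dataclass
class Finding:
    risk: int
    pid: int
    memory_status: str  # first [status]: the process image in memory
    path: str
    disk_status: str    # second [status]: the executable file on disk
    args: str
    network: str

    @property
    def memory_flagged(self) -> bool:
        return self.memory_status.strip().lower() != "safe"

    @property
    def disk_flagged(self) -> bool:
        return self.disk_status.strip().lower() != "safe"

    def category(self) -> str:
        """Which of the two scans raised the alert."""
        if self.memory_flagged and self.disk_flagged:
            return "memory-and-disk"
        if self.memory_flagged:
            return "memory-only"
        if self.disk_flagged:
            return "disk-only"
        return "clean"


def parse_report(text: str) -> List[Finding]:
    """Return one Finding per "[ Risk N ]" block; blocks that do not match are skipped."""
    parts = RISK_SPLIT_RE.split(text)  # [preamble, "1", body1, "2", body2, ...]
    findings: List[Finding] = []
    for risk_no, body in zip(parts[1::2], parts[2::2]):
        m = FINDING_RE.search(body)
        if not m:
            continue
        findings.append(Finding(
            risk=int(risk_no),
            pid=int(m.group("pid")),
            memory_status=m.group("mem").strip(),
            path=m.group("path").strip(),
            disk_status=m.group("disk").strip(),
            args=m.group("args").strip(),
            network=m.group("net").strip(),
        ))
    return findings


def memory_only_by_path(findings: List[Finding]) -> Dict[str, List[int]]:
    """Group PIDs whose memory image was flagged while the on-disk file is safe.

    These are the cases the maintainer's comment describes: the rule hit lives in
    process memory, so re-scanning the binary on disk will not explain the alert.
    """
    grouped: Dict[str, List[int]] = {}
    for f in findings:
        if f.category() == "memory-only":
            grouped.setdefault(f.path, []).append(f.pid)
    return grouped


if __name__ == "__main__":
    results = parse_report(SAMPLE_OUTPUT)
    for f in results:
        print(f"Risk {f.risk}: pid={f.pid} {f.category()} memory='{f.memory_status}' disk='{f.disk_status}'")
    for path, pids in memory_only_by_path(results).items():
        print(f"memory-only hits for {path}: {pids}")
```

Running it on the quoted output reports both findings as memory-only, with the same chrome.exe path grouping PIDs 29048 and 15604. The same parser accepts the single-line form the results were pasted in above, because it splits on the risk markers instead of line breaks.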