"SecureDriveService.dll"

jesusyas — Mon, 03 Oct 2022 10:30:25 GMT

Hello,

While performing a malware analysis on Cortex XDR, Wildfire has detected a file on the computer as possible malware. The file has also been analyzed in other intelligence tools and has not been detected as malicious, the only tool that detects it as malware is Palo Alto Networks. It is the file "SecureDriveService.dll", with description PE32+ executable (DLL) (GUI) x86-64, for MS Windows, with SHA256: e69a1b28a5b71549177f09a9ef7a336831400479ce6f3c6856bc8a818170745d.

Please , could you give us some feedback and indicate if it can be treated as false positive?

Re: "SecureDriveService.dll"

S.Cantwell — Mon, 03 Oct 2022 17:32:10 GMT

Can you share the Wildfire report, or what characteristics that this hash is deplaying? Recall that WF finds zero day sometimes day/hours/weeks before other vendors. So the lack of info from the other vendors does not necessarily meeting that it is safe; only that they do not yet know what that hash is. You may want to research a little more.

topic Re: "SecureDriveService.dll" in General Topics

"SecureDriveService.dll"

Re: "SecureDriveService.dll"