"SecureDriveService.dll"

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

"SecureDriveService.dll"

L0 Member

Hello,

While performing a malware analysis on Cortex XDR, Wildfire has detected a file on the computer as possible malware. The file has also been analyzed in other intelligence tools and has not been detected as malicious, the only tool that detects it as malware is Palo Alto Networks. It is the file "SecureDriveService.dll", with description PE32+ executable (DLL) (GUI) x86-64, for MS Windows, with SHA256: e69a1b28a5b71549177f09a9ef7a336831400479ce6f3c6856bc8a818170745d.

 

Please , could you give us some feedback and indicate if it can be treated as false positive?


BR

 

1 REPLY 1

Cyber Elite
Cyber Elite

Can you share the Wildfire report, or what characteristics that this hash is deplaying?  Recall that WF finds zero day sometimes day/hours/weeks before other vendors.  So the lack of info from the other vendors does not necessarily meeting that it is safe; only that they do not yet know what that hash is.   You may want to research a little more.

Help the community: Like helpful comments and mark solutions
  • 1090 Views
  • 1 replies
  • 0 Likes
  • 101 Subscriptions
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!