ControlUp Community

Connect, Learn, and Grow

Discussion on Virus Detection in ControlUp Folder

Posted on

A user shared their findings on the ControlUp folder – it looks like after 5 days, eicar was no longer detected as a virus. The user did not know what a bloom filter was, so they sent the logs to a defender expert. After researching, they became more confused and someone joked about flowers.

Read the entire ‘Discussion on Virus Detection in ControlUp Folder’ thread below:

@member its interesting, so I pulled my timeline on eicar.

It looks like after 5 days of detecting eicar as a virus (once a day), it stopped seeing it as a virus:

@member ⬆️

In the controlup folder: 2024-04-16T15:33:21.941Z Matched bloom filter (standard) (setting ELBF) (\Device\HarddiskVolume3\ProgramData\ControlUp\SRM\Tests\http://eicar.com)

2024-04-16T15:33:21.941Z Matched bloom filter (standard) (setting ELBF) (\Device\HarddiskVolume3\ProgramData\ControlUp\SRM\Tests\http://eicar.com)

2024-04-16T15:33:21.941Z Matched bloom filter (standard) (setting ELBF) (\Device\HarddiskVolume3\ProgramData\ControlUp\SRM\Tests\http://eicar.com)

2024-04-16T15:33:21.941Z Matched bloom filter (standard) (setting ELBF) (\Device\HarddiskVolume3\ProgramData\ControlUp\SRM\Tests\http://eicar.com)

2024-04-16T15:33:21.942Z [RTP] [MpRtp] Engine VFZ lofi/sample/expensive: \Device\HarddiskVolume3\ProgramData\ControlUp\SRM\Tests\http://eicar.com. status=0x40070000, statusex=0x210, threatid=0x7fffffff, sigseq=0x55551ed93ef

2024-04-16T15:33:22.454Z [NRI] Successfully updated NIS service with platform settings for enforcement level Block

2024-04-16T15:33:37.047Z FP supression checks:CheckTrusted=true (Sigseq=0x555dc2dddb0), CheckLimit=true, IsNotRevokedCertSig=true, IsNotFpCheckDisabledSig=true, IsSignedFileCheck=false, IsNotExcludedCertificate=true (FriendlySigSeq=0x0)

2024-04-16T15:33:37.047Z [Cloud] Engine is requesting config to do cloud query [regular network].

2024-04-16T15:33:37.052Z [Cloud] SubmitReport(CMpSpyDssContext), ShouldSendEvenOnPaidNetworks: 1

2024-04-16T15:33:37.052Z [Cloud] Start of cloud request. Passive mode: 0

2024-04-16T15:33:37.052Z [Cloud] Queued cloud request.

2024-04-16T15:33:37.052Z [Cloud] MpEngineCloudRequest(). hr = 0

2024-04-16T15:33:37.052Z [Cloud] Dequeued cloud request.

2024-04-16T15:33:37.053Z [Cloud] RpcSpynetQueueGenerateReport(). hr = 0

2024-04-16T15:33:37.240Z SDN:SDN query completed: 00000000

2024-04-16T15:33:37.240Z [Cloud] End of cloud request.

I don’t really know what a bloom filter is

I sent the logs to a defender expert I know

I looked up bloom filter and honestly got more confused

Sounds wonderful to be honest

lol someone likes flowers

Continue reading and comment on the thread ‘Discussion on Virus Detection in ControlUp Folder’.  Not a member? Join Here!

Categories: All Archives, ControlUp for Compliance
Topics: ,

Ask Us Anything, Connect, Learn, and Grow with the ControlUp Community!

Login to the ControlUp Community to ask us anything, stay up-to-date on what’s new and coming soon and meet other like-minded techies like you.

Not already a member? Join Today!