Adlice forum

Software feedback => RogueKiller => Topic started by: Rivanni on April 12, 2017, 09:49:19 PM

Title: Is this a real threat?
Post by: Rivanni on April 12, 2017, 09:49:19 PM

Code: [Select]

RogueKiller V12.10.4.0 (x64) [Apr 10 2017] (Free) by Adlice Software
Operating System : Windows 10 (10.0.15063) 64 bits version

¤¤¤ Files : 1 ¤¤¤
[Adw.WinSec|PUP.Gen1][Folder] C:\Program Files\Windows Security -> Found

Is this a real threat? The folder contains browsercore.exe (no hits in VirusTotal) and a manifest.json file.
In the json file these lines of text:

Code: [Select]

{
  "name": "com.microsoft.browsercore",
  "description": "BrowserCore",
  "path": "BrowserCore.exe",
  "type": "stdio",
  "allowed_origins": [
    "chrome-extension://ppnbnpeolgkicgegkbkbjmhlideopiji/"
  ]
}
When I search for that extension I get
https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji
which is an extension for "Sign in to supported websites with accounts on Windows 10".
It's made by Microsoft.
Sounds legit.
The only thing is that I don't have this extension installed.

Title: Re: Is this a real threat?
Post by: Curson on April 12, 2017, 10:56:23 PM

Hi Rivanni,

Welcome to Adlice.com Forum.

This folder is quite unknown but it may be part of Windows 10 Creators Update.
Could you please zip the whole folder and attach the archive with your next reply ?

Regards.

Title: Re: Is this a real threat?
Post by: bel57 on April 30, 2017, 10:53:27 PM

Hello there,

Glad I found a topic exactly related to my issue. I performed a scan with RogueKiller previously today and no thread found.
But now it just detected C:\Program Files\Windows Security as a PUP.Gen1 activity.

Looks like this is legit and corresponds to a browser addon allowing to directly connect via supported websites (mostly MS/Azure).
https://chrome.google.com/webstore/detail/windows-10-accounts/ppnbnpeolgkicgegkbkbjmhlideopiji
https://azure.microsoft.com/services/active-directory/
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/17438821-add-support-for-google-chrome-under-azure-ad-condi

Pretty sure it's related to Win10 Creators Update.

Title: Re: Is this a real threat?
Post by: Curson on April 30, 2017, 11:30:36 PM

Hi bel,

Welcome to Adlice.com Forum.
Could you please attach RogueKiller full report with your next reply ?

Regards.

Title: Re: Is this a real threat?
Post by: bel57 on May 01, 2017, 12:01:59 AM

Here you go. By the way, can you tell me if you find anything wrong?
I think everything is all green, but well, prevention is better than cure  :P

Title: Re: Is this a real threat?
Post by: Curson on May 01, 2017, 02:51:54 PM

Hi bel,

Everything is OK.
Your system is clean.

Regards.

Title: Re: Is this a real threat?
Post by: bel57 on May 01, 2017, 02:54:25 PM

Thanks for your fast reponse and feedback.

RogueKiller rules  :)

Title: Re: Is this a real threat?
Post by: Curson on May 01, 2017, 03:08:04 PM

Hi bel,

You are welcome.
Thanks for the kind words.

Regards.