Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials
Store

After installing HF2, Microsoft Safety Scanner detects Solarigate?

Coming from 2020.2.1, I installed HF1 early morning Monday. I then downloaded and ran the Microsoft Safety Scanner and my systems came back clean. I also ran Yara with the FireEye signatures. This also came back clean.

Yesterday evening, after installing HF2, I redownloaded and reran the Microsoft Safety Scanner just to be on the safe side. This morning, I logged in and saw that it has detected Solarigate. I checked the hash of the binary and it was the clean version. I've now shut down our systems.

Before I rebuild and possibly reinstall the same file and get the same detection, has anyone else seen this? Is it possible this is a false positive?

Find more posts tagged with

Accepted answers

nickzourdos

Please see this: https://thwack.solarwinds.com/t5/NPM-Discussions/Solarigate-Infected-Web-Front-End-Pre-March-2020/m-p/612950/highlight/true#M150977

All comments

nickzourdos

Please see this: https://thwack.solarwinds.com/t5/NPM-Discussions/Solarigate-Infected-Web-Front-End-Pre-March-2020/m-p/612950/highlight/true#M150977

mrchesnutt

That's interesting, but when I downloaded and ran the Safety Scanner Monday morning, it didn't detect anything. It was only after I updated to HF2 AND re-downloaded the latest Safety Scanner that it was detected. I'm guessing MS added signatures.

aLTeReGo

Can you post the Windows Safety Scanner Log file located under 'C:\Windows\Debug\msert.log'?