Coming from 2020.2.1, I installed HF1 early morning Monday. I then downloaded and ran the Microsoft Safety Scanner and my systems came back clean. I also ran Yara with the FireEye signatures. This also came back clean.
Yesterday evening, after installing HF2, I redownloaded and reran the Microsoft Safety Scanner just to be on the safe side. This morning, I logged in and saw that it had detected Solarigate. I checked the hash of the binary and it was the clean version. I've now shut down our systems.
Before I rebuild and possibly reinstall the same file and get the same detection, has anyone else seen this? Is it possible this is a false positive?
Can you post the Windows Safety Scanner Log file located under 'C:\Windows\Debug\msert.log'?
That's interesting, but when I downloaded and ran the Safety Scanner Monday morning, it didn't detect anything. It was only after I updated to HF2 AND re-downloaded the latest Safety Scanner that it was detected. I'm guessing MS added signatures.