HP Support Assistant calling a file with double extension, violates McAfee ePO default rules

2 posts / 0 new
Last post
Author
Message
gregory.burton
Posted: 8 November 2020 - 3:38pm
HP Support Assistant calling a file with double extension, violates McAfee ePO default rules

We operate McAfee ePO 5.10 with the ATP modules on our endpoints. One of it's default rules is to block executions that call files with double extensions.

There have been 19 incidents with various computers this month of HPSSFUpdater.exe calling such a file as follows. 13 of incidents these happened this morning.

Source: "C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe" /f

{username} ran C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe, which tried to access the file C:\Users\{username}\AppData\Local\Temp\tmp6EB0.tmp.bat, violating the rule "Suspicious Double File Extension Execution", and was blocked. For information on how to respond to this event, see KB85494.

 

Now, I can have an exception arranged for HPSSFUpdater.exe, but this'll pop up for a lot of customers. If the program was reworked to avoid calling a file with a double extension, that would resolve this in all cases - from HP's point of view.

Top
Author
Message
txvalp
Posted: 13 November 2020 - 8:49am
Re: HP Support Assistant calling a file with double extension

I forwarded the email to Support Assistant. They've indicated they have fixed this issue. Let me know if you are still seeing it so we can follow up.

If the issue is still there, please let us know the version of HPSA you are running.

 

 

 

 

 

 

Top
Please login to comment