Loki / PE-Sieve reports implanted process - False Positive?
Hi, there
Running a scan with the tool loki (using PE-Sieve), it gives a warning:
20240520T10:22:06Z HOME LOKI: Warning: MODULE: ProcessScan MESSAGE: PE-Sieve reported implanted process PID: 2952 NAME: bdservicehost.exe OWNER: SYSTEM CMD: "C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe" "settings/services/configs/bdshieldsrv_config.json" PATH: C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe IMPLANTED PE: 5 IMPLANTED SHC: 0
I checked the signature in Windows Explorer and it says that the signature is valid. Is this warning a false positive or do I need to dig deeper / take precautions?
Best Answer
Hello @dartyang,
I would recommend contacting Bitdefender support to inquire about the specific warning. Provide them with details from the LOKI and PE-Sieve scan, including the hash and the context of the warning. They can confirm if the detection is a false positive or if further action is needed. You can get in touch with the Bitdefender engineers by choosing one of the contact channels listed here:
State your contact reason, then choose from the available contact channels: chat, phone and email/ticket.
Chat would be the fastest way to reach them. Let us know how it goes.
Regards,
Alex
Premium Security & Bitdefender Endpoint Security Tools user
2
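Added example, not part of the original posts and not LOKI or PE-Sieve code: one way to pull the details the answer asks for (process, path, implant counts, file hash) out of the warning line quoted in the question. The function names and the list of field names are assumptions taken from that single line.

```python
import hashlib
import re
from pathlib import Path

# Warning line copied from the question above.
SAMPLE = (r'20240520T10:22:06Z HOME LOKI: Warning: MODULE: ProcessScan MESSAGE: '
          r'PE-Sieve reported implanted process PID: 2952 NAME: bdservicehost.exe '
          r'OWNER: SYSTEM CMD: "C:\Program Files\Bitdefender\Bitdefender Security'
          r'\bdservicehost.exe" "settings/services/configs/bdshieldsrv_config.json" '
          r'PATH: C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe '
          r'IMPLANTED PE: 5 IMPLANTED SHC: 0')

HEADER = re.compile(r'^(?P<time>\S+) (?P<host>\S+) LOKI: (?P<level>\w+): (?P<body>.*)$')
# Assumption: only the field names seen in that line. Values contain spaces,
# quotes and "C:\", so split on known keys, not on whitespace or every colon.
KEYS = ("MODULE", "MESSAGE", "PID", "NAME", "OWNER", "CMD", "PATH",
        "IMPLANTED PE", "IMPLANTED SHC")
NUMERIC = ("PID", "IMPLANTED PE", "IMPLANTED SHC")
FIELD = re.compile(r'(?:^| )(' + '|'.join(KEYS) + r'): ')

def parse_loki_line(line):
    """Split one LOKI log line into header fields and KEY: value pairs."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("not a LOKI log line")
    record = {k: m.group(k) for k in ("time", "host", "level")}
    parts = FIELD.split(m.group("body"))  # ['', key1, value1, key2, value2, ...]
    for key, value in zip(parts[1::2], parts[2::2]):
        value = value.strip()
        record[key] = int(value) if key in NUMERIC else value
    return record

def sha256_of(path):
    """SHA-256 of the file on disk, or None if it is not present on this host."""
    p = Path(path)
    return hashlib.sha256(p.read_bytes()).hexdigest() if p.is_file() else None

def support_summary(line):
    """Collect what a vendor ticket needs: process, path, counts, file hash."""
    r = parse_loki_line(line)
    keep = ("time", "host", "level", "NAME", "PID", "PATH", "CMD",
            "IMPLANTED PE", "IMPLANTED SHC")
    summary = {k: r.get(k) for k in keep}
    summary["SHA256"] = sha256_of(r["PATH"]) if r.get("PATH") else None
    return summary

if __name__ == "__main__":
    for key, value in support_summary(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it on the scanned host so the hash is taken from the file at PATH; on any other machine SHA256 comes back as None.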
Answers
Thank you Alexandru, I will let you know once I have an update.
1