Kaspersky Detects TriggerCMDAgent.exe as Win32.BSS.ScreenLock
-
Hello, I'm using Kaspersky Total Security, and it's deleted c:\users\xxx\appdata\local\triggercmdagent\app-1.0.22\triggercmdagent.exe as Win32.BSS.ScreenLock and deleted it.
Any insight?
Thank you
-
@Lewis-S, it's a false positive unless the exe has been manipulated. If you have another PC with TRIGGERcmd you could copy the exe from it and do a file compare with the fc command. That assumes Kapersky moved it to quarantine rather than deleting it.
If you confirm it's the same, you can exclude it from scanning, and ideally report the false positive to Kapersky.
Later today I'll see if I can get a copy of Kapersky to try a scan.
-
I'll redownload it and see if It redetects if i scan it.
I'll report as false positive.
Thanks!
-
hey @Russ ,
It's having a right fit about TriggerCMD making TCP connections, and running Command Host processes!I've allowed it to do all these, there was lots of these boxes to allow!
I'm unsure why only now it decides that TriggerCMD is not okay!
-
@Lewis-S, I don't know. Maybe Kaspersky has heuristics that noticed the agent running commands it thought were suspicious. Not necessarily on your computer, but it ended up in their database as a suspicious exe. Just a theory.
-
@Russ I would say so.
It's uninstalled it again for me at some point so I'll need to find a way to trust TriggerCMD.
-
@Lewis-S, I see a "Apply always" option on your screenshot. That might prevent it from deleting the .exe. You could also exclude that folder from scans.