[ThatOneDude]

Hello, just now Malwarebytes just detected and quarantined a file it detected as malware, but after looking up the specific file it quarantined I am beginning to suspect it is a false positive. However in the interest of my security I'm reluctant to just restore it just in case it IS malware. So I would like to ask for assistance in determining whether or not it is truly malware.

 

The file in question is C:\Windows\System32\drivers\agilevpn.sys, which was detected to be infected with Unknown.Rootkit.Driver.

 

Thank you for assisting me with this.

[Advertisements]

Hello,

It appears to be a false positive and was supposed to be fixed in March.

Other complaints here

https://forums.malwa...ve-agilevpnsys/

[zep516]

Hello,

It appears to be a false positive and was supposed to be fixed in March.

Other complaints here

https://forums.malwa...ve-agilevpnsys/

[ThatOneDude]

Ya i read that forum it's what tipped me off that this might be a false positive. Would you advise doing any scans or looking at the logs to ensure this is actually a false positive? Or just go restore it now?

[zep516]

Hello,

Just go an restore it.

agilevpn.sys-->RAS Agile Vpn Miniport Call Manager.

It's not a rootkit driver.

Up-Date Malwarebytes or check to make it is up to date,

Thanks
Joe

[ThatOneDude]

Ok thanks for helping. Sorry if this felt like a waste time.

[zep516]

Hello,

Not a waste a time at all, and a very good question from you.