Operational Defect Database

BugZero found this defect 313 days ago.

WatchGuard Technologies | kA16S000000gDR2SAM

False Trj/RansomDecoy.A detection in WatchGuard Endpoint Security products (EDR, EDR Core, EPDR, Advanced EPDR)

Last update date:

7/11/2023

Affected products:

WatchGuard Endpoint Security

Affected releases:

All

WatchGuard Endpoint Security

Fixed releases:

All

Description:

Issue

This Known Issue applies to WatchGuard EDR, EDR Core, EPDR, and Advanced EPDR.

Under rare circumstances, WatchGuard Endpoint Security products could return a false detection of Trj/RansomDecoy.A in temporary user profiles on Windows endpoints with WatchGuard Endpoint Security versions 8.00.21.xxxx or 8.00.22.xx12 installed.

For information on how to determine your protection version, go to Determine the Software Version in Help Center.

Workaround/Solution

To discard a false positive detection, apply the available hotfix on the affected endpoints.

1. Download and save the hotfix file to the endpoint: hotfix_decoy_defender_tempfolders_gui_8.00.21.x.exe
2. Double-click the downloaded file.
3. If prompted, to fully apply the hotfix, restart the endpoint.

Note: To download an unattended or silent version of the hotfix, click here.


Status

Resolved
