Hi, daily we're seeing about 50-60 of these detection (risk report every 24 hours)
They are blank, they have no path, no hash,no source,they are WS.reputation.1 but they also say "reputation was not used in this detection"
It doesn't appear to effect anything the machine is trying to *do* but it does alert the user and we're getting tickets because of course people are worried. Full scans reveal nothing, their client logs show no more than shown below.
Event |
Source |
Risk Name |
File Path |
Actual Action |
|
|
|
|
|
Security risk found |
Auto-Protect |
WS.Reputation.1 |
Unavailable |
Deleted |
|
|
|
|
|
Requested Action |
Secondary Action |
Event Date |
Event Insert Time |
Quarantine |
Leave alone (log only) |
4/1/2020 22:39 |
4/1/2020 22:40 |
Source Computer Name |
Source Computer IP |
Application Name |
Application Hash |
|
0.0.0.0 |
|
|
Hash Algorithm |
Category set |
Category type |
Detection Reason |
Not Available |
Malware |
Insight Network Threat |
Antivirus engine |
Minimum Sensitivity Level |
Prevalence |
Reputation |
First Seen |
N/A |
Reputation was not used in this detection. |
Reputation was not used in this detection. |
Reputation was not used in this detection. |