
OutlierCollectorService.exe is flagged as malicious and shows up as a Threat Feed Hit in Tasks on SEDR cloud


Article ID: 174752


Products

Endpoint Detection and Response Cloud Endpoint Detection and Response

Issue/Introduction

When reviewing the Tasks section of the SEDR cloud console, you see a Threat Feed Hit referencing OutlierCollectorService.exe or OutlierVault.exe.

Threat Feed Hit [Path: C:\Windows\OutlierCollectorService.exe, Sha256: 0BE24242071F0EE9B459E4AFFC2B73F5FE4AD333D5327626F6D19C8113C89C24]

Resolution

This is a false positive and will be resolved in the SEDR cloud 4.3 release. As a workaround, add the hash listed above to the SEDR Cloud Whitelist (Dissolvable Agent Server and CSA).