SEP is removing/cleaning scsifilt.sys file in Acronis folder

Thread needs solution
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Beginner
Posts: 2
Comments: 0

Symantec Endpoint is catching and either deleting or "cleaning" a file that appears to be in the Acronis Program folder.

Here is the message from SEP:
Security Risk Found!Trojan.Gen in File: C:\Program Files (x86)\Common Files\Acronis\UniversalRestore\DriversPack\XEN64Drivers\scsifilt.sys by: Auto-Protect scan. Action: Reboot Required. Action Description: The file was repaired successfully.

Does anyone know if this is a false positive and if so what is this file for and is it a concern if it is deleted or altered? We are seeing this on clients running Acronis 10 and 11 with Symantec for antivirus.

Fri, 08/02/2013 - 20:42
0 Users found this helpful
truwrikodrorowrelupicugojestutroclulachosaswunuhospikigawakijosaswenomaruclojeueclikaspedrubewidebrisubrohutrurifruuagothunugekedrumucisiuobrobrecrupeslapuswosluprothethibakaslechurathikucli
Forum Star
Posts: 27
Comments: 1940

Yes it's a false positive. If it's altered or deleted, converting a 64-bit OS to Xen virtual machine will fail. It's not used during regular operations under Windows.

Sat, 08/03/2013 - 05:54