Malicious Activity Detected, Doubtful

I have an HP Omen 15 laptop running the latest Windows 10 OS with all patches. I have noticed three times now that when my battery is running low, Windows pops up a low battery warning, to which I respond by plugging in the wall outlet cord. When I do this, Immunet pops up Malicious Activity Detected warnings saying:

1 of 2 "Behavioral Protection detected malicious activity [UserInitMprLoginScrcipt Registry Key Used For Persistence]. No remediating actions were taken."

2 of 2 "Behavioral Protection detected malicious activity [UserInitMprLoginScrcipt Registry Key Used For Persistence]. No remediating actions were taken."

I suspect that when I plug in the cord, Windows runs something which triggers these warnings.

Lastly, it would be really nice if you changed the warning dialog box text to be selectable, so I can copy/paste it into a message, or better yet put a button on there that you can click and it copies all pertinent information to the Windows clipboard and/or to a file that one might attach to a message like this.


I'm also experiencing this issue on a brand new Lenovo V15-IIL laptop. Please note the correct spelling is: UserInitMprLoginScript.

On researching further, I located https://attack.mitre.org/techniques/T1037/001/ but the mitigations are for enterprise systems. Seeking guidance towards resolving on a personal laptop.

Edit: tested with Windows REGISTRY EDITOR open and could NOT observe anything happening in HKCU\Environment. Should that live refresh? OneDrive warned it would not sync whilst in battery saving mode. Apart from LED to power button pulsing I have no other battery warning. Tested plugging in power at multiple discharge levels. When the LED started flashing, the Immunet warning did NOT occur when plugging in power. After the OneDrive battery saver warning pop-up, the Immunet warning DID occur when plugging in power.

Edited by bunnybooboo

Hi folks,

Sorry for the delay in responding. I took some needed time off.

That is indeed a False Positive by the ClamAV module. I would suggest you report this at Immunet's FP reporting site. https://www.immunet.com/false_positive

Also, since it is a ClamAV detection you can report this directly to the ClamAV support team as well. https://www.clamav.net/reports/fp

Cheers, Ritchie...

  • Like 1
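
A read-only check for the registry location discussed in this thread, added here as an example and not taken from any post or from Immunet or ClamAV: it lists any logon-script value under the Environment key of each loaded user hive (the key covered by the MITRE page linked above), together with the target file's signature status and hash. The second value name is the spelling quoted in the thread and is included as an assumption; hives other than your own are only readable from an elevated prompt.

```powershell
# Added example (not from the thread). Windows names the value
# UserInitMprLogonScript; the spelling quoted in the thread is checked as well.
$valueNames = 'UserInitMprLogonScript', 'UserInitMprLoginScript'
$noExpand   = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

$findings = foreach ($hive in Get-ChildItem -Path Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
    $envPath = "Registry::$($hive.Name)\Environment"
    if (-not (Test-Path -LiteralPath $envPath)) { continue }
    $key = Get-Item -LiteralPath $envPath

    foreach ($name in $valueNames) {
        # Read the stored string as written, before %VAR% expansion.
        $raw = $key.GetValue($name, $null, $noExpand)
        if ([string]::IsNullOrWhiteSpace([string]$raw)) { continue }

        # Expansion uses the current session's environment, which is an
        # approximation when the hive belongs to another account.
        $cmd = [Environment]::ExpandEnvironmentVariables([string]$raw).Trim()

        # Best-effort split of the command line into the file it launches.
        if ($cmd -match '^"([^"]+)"') { $target = $Matches[1] }
        elseif (Test-Path -LiteralPath $cmd -PathType Leaf) { $target = $cmd }
        else { $target = ($cmd -split '\s+')[0] }

        $exists = Test-Path -LiteralPath $target -PathType Leaf
        [pscustomobject]@{
            Hive      = $hive.PSChildName
            ValueName = $name
            RawValue  = $raw
            Target    = $target
            Exists    = $exists
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $target).Status } else { $null }
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash } else { $null }
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No logon-script value found under any loaded HKEY_USERS\<SID>\Environment key.' }
```

An empty result at the moment of the check does not show whether the value was written and removed earlier, so it is worth running again right after the warning appears.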