houghtonap Posted March 27, 2021 Report Share Posted March 27, 2021 I have an Hp Omen 15 laptop running the latest Windows 10 OS with all patches. I noticed three times now, that when my battery is running low, Windows pops up a low battery warning, which I respond by plugging in the wall outlet cord. When I do this, Immunet pops up a Malicious Activity Detected warnings saying: 1 of 2 "Behavioral Protection detected malicious activity [UserInitMprLoginScrcipt Registry Key Used For Persistence]. No remediating actions were taken." 2 of 2 "Behavioral Protection detected malicious activity [UserInitMprLoginScrcipt Registry Key Used For Persistence]. No remediating actions were taken." I suspect that when I plug in the cord, Windows runs something which triggers these warnings. Lastly, it would be really nice if you changed the warning dialog box text to be selectable, so I can copy/paste it into a message, or better yet put a button on there that you can click and it copies all pertinent information to the Windows clipboard and/or to a file that one might attach to a message like this. Link to comment Share on other sites More sharing options...
RxNOOB Posted March 31, 2021 Report Share Posted March 31, 2021 i'm having the same notification too on my PC with everything new and clean install and currently it keep on detecting Blackmart Alpha.apk but quarantine failed. Don't know what seem to be the issue here. Link to comment Share on other sites More sharing options...
bunnybooboo Posted April 1, 2021 Report Share Posted April 1, 2021 (edited) I'm also experiencing this issue on a brand new Lenovo V15-IIL laptop. Please note the correct spelling is: UserInitMprLoginScript. On further researching I located https://attack.mitre.org/techniques/T1037/001/ but mitigations are for enterprise systems. Seeking guidance towards resolving on a personal laptop. Edit: tested with Windows REGISTRY EDITOR open and could NOT observe anything happening in HKCU\Environment. Should that live refresh? OneDrive warned it would not sync whilst in battery saving mode. Apart from LED to power button pulsing I have no other battery warning. Tested plugging in power in multiple discharge levels. When LED started flashing Immunet warning did NOT occur when plugging in power. After OneDrive battery saver warning pop-up the Immunet warning DID occur when plugging in power. Edited April 1, 2021 by bunnybooboo Link to comment Share on other sites More sharing options...
ritchie58 Posted April 8, 2021 Report Share Posted April 8, 2021 Hi folks, Sorry for the delay in responding. I took some needed time off. That is indeed a False Positive by the ClamAV module. I would suggest you report this at Immunet's FP reporting site. https://www.immunet.com/false_positive Also, since it is a ClamAV detection you can report this directly to the ClamAV support team as well. https://www.clamav.net/reports/fp Cheers, Ritchie... 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now