AppXDeploymentExtensions.onecore.dll

[MikeB]

Good morning,

This morning all the Windows Based Machines (Windows 10 and Windows Server 2012 and Windows 2008 R2) in our office running Immunet Anti Virus have this message:

AppXDeploymentExtensions.onecore.dll has been detected as W32.45D0D4390-100.SBX.TG Quarantine failed.

Any suggestions as I am not finding anything on the web about this other than AppXDeploymentExtensions.onecore.dll is a Windows Dymanic link library????

Any help appreciated!

Thanks

[amattson]

Same issue here.

 

[Guest Wookiee]

Can you all send me the hash of the file in a message? I'll check it out

[MikeB]

How do I find the hash of the file? Thanks

[Guest Wookiee]

I don't know how large the file is, but you can attempt to send that too me also.

 

Though, to pull a file hash- you will want to run powershell and run:

Get-Filehash PATH_TO_FILE sha256

 

More information:

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.utility/get-filehash?view=powershell-6

[amattson]

Files have been removed.  Looks like it was a windows update that was mistaken for a virus?  Here are the three that were installed last night.  But Hashing the file is not possible because it was removed either by a process or blocked by Immunet?

And location/name of file.

C:\Windows\SoftwareDistribution\Download\36a9e985ff06ff6fc1f5bf45ab2aa2ba\Package_for_RollupFix~~amd64~~17134.165.1.4\amd64_microsoft-windows-appx-deployment-server_31bf3856ad364e35_10.0.17134.137_none_43066d810cb0d411\AppXDeploymentExtensions.onecore.dll

[Guest Wookiee]

I would mark an exception in the settings for immunet for now, and I will see about finding out why Immunet is detecting this file as bad.

When the exception is made, try to do the windows update again.

[Guest Wookiee]

This was fixed with the signature.