Using Avast! Endpoint Protection 8.0.1603 with definitions version 150113-0 on a Windows 7 SP 1 32-bit computer. We do this in a networked environment using SOA 1.3.3.35.

Yesterday I did a full machine scan on the Windows 7 machine. The scan results did not include anything except two passworded zip files. However, this morning I got an email report from the SOA that 44 “rootkits” were found on that machine. I looked at Reports>Scan Log in the SOA console and found that just about every item in the list refers to a standard Windows 7 dll file. (See attached screenshot).

What is going on here?

1. If the scan found problems, why didn’t they appear in the results displayed on that machine by the client at the time of the scan?

2. Why are standard Windows dlls being identified as “rootkits”?

I do not believe the computer in question is infected by anything. It runs fine and it does not generate any Shield Log reports in the SOA.

Thanks for any ideas.

winsxs folder detections sometimes happen if you scan right after windows update

if you reboot and scan again it should be gone … why this happens, i have no idea, but reported many times here

here are some
https://forum.avast.com/index.php?topic=161757
https://forum.avast.com/index.php?topic=156947

Ah, I see.

Thank you!