Jump to content

bradwillman

Members

  • Joined

  • Last visited

View Profile Find content

Reputation Activity

  1. Upvote
    bradwillman reacted to BartB in Microsoft Defender reporting pulsewayhardware.sys as malware   
    Several times now, Microsoft Defender for Endpoint has identified the following file as malware and has quaratined it:
    Filename:
    pulsewayhardware.sys
    Hashes:
    Hash SHA1
    d25340ae8e92a6d29f599fef426a2bc1b5217299
    Hash SHA256
    11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
    Threat:
    Winring0
    Defender engine version
    1.1.25050.6
    Defender Mocamp version
    4.18.25040.2
    VirusTotal link:
    https://www.virustotal.com/gui/file/11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5
    Detection
    VirusTotal detection ratio
    2/72
    Malware detected
    VulnerableDriver:WinNT/Winring0
    Object details
    File size
    14.54 KB
    Is PE
    true
    Issuer
    GlobalSign ObjectSign CA
    Signer
    Noriyuki MIYAZAKI
    PE metadata
    Original name
    WinRing0.sys
    Company
    OpenLibSys.org
    Product
    WinRing0
    Description
    WinRing0
    File prevalence
    Organization devices5
    Organization cloud apps0
    Worldwide devices10k+
    Worldwide observed devices
    Time
    First seen
    Mar 3, 2013 6:00:43 AM
    Last seen
    Jun 13, 2025 5:47:56 AM

    Is this an actual Pulseway file and has anyone else experienced this on any of their agents? What other info can I provide?
    And before anyone asks, I only deploy agents from the SaaS Pulseway server instance.

    Thanks,
    Bart B.