Riskware/XYNTService
Analysis
Riskware/XYNTService is a detection for a Riskware tool based on XYNTService.exe, an open-source program that
allows programs and services to start automatically and persist. Malicious programs may use XYNTService.exe so that the malware starts
even before the user has logged on and keeps running after the user has logged off.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability |
---|---|
FortiGate | |
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |