Hi,

At the end of a daily flash scan, I received a notification about "System.Core.ni.dll" detected as "Trojan.GenericFCA.Agent.43742" on a server.

Detection : Trojan.GenericFCA.Agent.43742
Fingerprint (SHA-256) : 037d21bde9393560e7302376e58d4c5d7d7a35b33cc158047cb36d63b2a9b2cf
File Name : System.Core.ni.dll
File Path : C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\98921009e55886bd7472286a92fc76d7\System.Core.ni.dll
Parent : No parent SHA/Filename available.

On VirusTotal, there is "5 security vendors flagged this file as malicious".tr
Some security vendors who flagged the file 1 hour ago don't flag it anymoe as malicious. Others security vendors have just flagged it.

I would tend to think this is a false positive.
Your opinion ?

Kind regards,
Ludovic