cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
samms
Level 7
Report Inappropriate Content
Message 1 of 4

Mimikatz from Defender during Installation

Jump to solution

Whilst installing McAfee at home on a freshly reset laptop, while the installer was at about 80% to completion of setup, a notification came up that reads:

”Windows Defender

Threats found. 
HackTool:Win32/Mimikatz!commands”

when I check the protection history on Defender nothing shows up. This is a fresh install of Windows 10 and the only thing that is on the system is McAfee. Please advise on next steps... is this a threat which McAfee hasn’t picked up?

1 Solution

Accepted Solutions
Madhan
Moderator
Moderator
Report Inappropriate Content
Message 2 of 4

Re: Mimikatz from Defender during Installation

Jump to solution

Hello @samms 

Is McAfee installed completely and are you able to open the console to fun a scan, change firewall settings etc.? If so, please run a Full Scan and check ,

You may also run the below McAfee Malware Cleaner tool to remove infections.

McAfee Malware Cleaner: What is it?

Regards,
Madhan M

View solution in original post

3 Replies
Madhan
Moderator
Moderator
Report Inappropriate Content
Message 2 of 4

Re: Mimikatz from Defender during Installation

Jump to solution

Hello @samms 

Is McAfee installed completely and are you able to open the console to fun a scan, change firewall settings etc.? If so, please run a Full Scan and check ,

You may also run the below McAfee Malware Cleaner tool to remove infections.

McAfee Malware Cleaner: What is it?

Regards,
Madhan M

View solution in original post

samms
Level 7
Report Inappropriate Content
Message 3 of 4

Re: Mimikatz from Defender during Installation

Jump to solution

McAfee did install successfully. I've just run the Malware tool, it removed like 60 items from the registry (mainly what appears to be VLC file associations) and 0 files. I think it is all clear now. Will run a full scan tomorrow in the morning.

Some Google searched found this on the McAfee Knowledge Center, and its date is very recent. Could this be it? Though I don't use McAfee Endpoint Security, I use Total Protection as a consumer licence.

samms
Level 7
Report Inappropriate Content
Message 4 of 4

Re: Mimikatz from Defender during Installation

Jump to solution

Aha, just checked Event Viewer and sorted by Windows Defender. Found this, it was a false positive indeed. Thanks for letting me work this through, and for showing me the McAfee Malware removal software!

Microsoft Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Mimikatz!commands&threatid=2147740...
Name: HackTool:Win32/Mimikatz!commands
ID: 2147740586
Severity: High
Category: Tool
Path: file:_C:\Program Files (x86)\McAfee\Temp\qxzE386\hiphandlers.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
User: DELL\--redacted--
Process Name: C:\Users\aminu\AppData\Local\Temp\CSISCache\Install\Download_Files\default\mpf\mcinst.exe
Security intelligence Version: AV: 1.303.25.0, AS: 1.303.25.0, NIS: 1.303.25.0
Engine Version: AM: 1.1.16400.2, NIS: 1.1.16400.2
How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community