First time posting but member for about 8 months now. Just in the last 24 hours I've noticed infection detections by KES on approximately 60 machines across 15 environments labeled as a Luhe.Susphat.1. The first couple of detections seemed to target and destroy UPS Worldship on 2 machines, as I'm now finding it appears more widely spread, however not affecting a large number per site currently. Anyone else seeing anything like this?
Below is a screenshot from one machine, each one detects between 100 and 170 instances of the "virus" so far.
Although I cannot say with any certainty, it is possible what you're seeing may be related to an issue currently being investigated by Kaseya and AVG (AVG is the engine behind the KES module). Another community member recently posted some information regarding his findings pointing to the same file you reference. You may want to review that post here: community.kaseya.com/.../97147.aspx
I would also recommend you open a ticket with Kaseya Support at helpdesk.kaseya.com to ensure your case is investigated for any correlation between what you're seeing and the larger issue being reported. If they are related, your ticket can be linked to the master incident. If they are not related, your case can be investigate independently to determine the possible cause/validity of the reports.
Thank you, this is very helpful.