Topic: CSAW.exe

IT-LVHC (Newbie, Posts: 2)
I got an alert from my firewall that it detected a malware download and identified the file csaw.exe as malware.  It was located on a system in the following folder: c:\Windows\System32\config\systemprofile\AppData\Roaming\PCDr\Update\Binaries

I know that PCDr is part of the Dell Support Assist suite and provides the system diagnostics. Is csaw.exe a legitimate and necessary part of PC-Doctor and/or Dell Support Assist, or is it truly malware to be removed?

Thanks.

PCD_James (Moderator, Jr. Member, Posts: 90)
Hello,

CSAW is an update utility for SupportAssist and is a legitimate program. If you wouldn't mind answering, what AV do you use that flagged the file? We will need to work with them to remove the false identification of CSAW as a virus. Thank you for reaching out!
-James

IT-LVHC (Newbie, Posts: 2)
Thanks for responding.  It was flagged by my Cisco Meraki firewall's Advanced Malware Protection cloud service.  Here is the message I got:
----------------
We've received new information from the Advanced Malware Protection (AMP) cloud about 1 file downloaded on your network.
The following files were determined to be malicious in retrospect:
File Name / Hash:    W32.Auto.923302.MASH.RT.SBX.VIOC / 923302a9ceb5303d715f4a615a7d438cf8ee9ed3754462bb98efbb86cd2c5910 (link)
Download Info:    2018-07-03 6:07 AM PDT, by xxx.xxx.xxx.xxx
File URI / Server IP:    http://content.dellsupportcenter.com/updates/tora/6992/1111/00/builds/CSAW.exe.003 (23.72.35.152)
Original Disposition:    Malicious
You can investigate the impact in the Security Center.
You can also learn more about AMP's retrospective malware protection in the Meraki documentation.
- Cisco Meraki
----------------

-IT-LVHC
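
Added example, not part of the thread and not PC-Doctor, Dell or Cisco tooling: a PowerShell triage check for the situation discussed above. It hashes whatever `csaw*` files are in the folder from the first post, compares each to the SHA-256 in the AMP alert, and reports the Authenticode signature state and signer. The function name `Get-FileTriage` and the `csaw*` filter are assumptions made for this example; the path and hash are copied from the posts.

```powershell
# Values copied from the thread above.
$Dir        = 'C:\Windows\System32\config\systemprofile\AppData\Roaming\PCDr\Update\Binaries'
$FlaggedSha = '923302a9ceb5303d715f4a615a7d438cf8ee9ed3754462bb98efbb86cd2c5910'

# Hypothetical helper (not from the thread): one record per file with the
# facts needed to decide between "false positive" and "investigate further".
function Get-FileTriage {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$FlaggedSha256
    )
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        Path           = $Path
        Sha256         = $hash.ToLower()
        # True only if this exact file is the object the firewall flagged.
        MatchesAlert   = ($hash -ieq $FlaggedSha256)
        # Valid, NotSigned, HashMismatch, NotTrusted, UnknownError, ...
        SignatureState = $sig.Status
        # Empty when the file carries no signature.
        Signer         = $sig.SignerCertificate.Subject
        SignerThumb    = $sig.SignerCertificate.Thumbprint
    }
}

# Run elevated: the folder is under the SYSTEM account's profile.
# Use 64-bit PowerShell on 64-bit Windows; a 32-bit process is redirected
# from System32 to SysWOW64 and would not see this folder.
Get-ChildItem -LiteralPath $Dir -File -Filter 'csaw*' -ErrorAction Stop |
    ForEach-Object { Get-FileTriage -Path $_.FullName -FlaggedSha256 $FlaggedSha } |
    Format-List
```

The alert's hash belongs to the object fetched from the URI ending in `CSAW.exe.003`, so `MatchesAlert = False` for the file on disk does not by itself clear or condemn it. Read it together with `SignatureState` and `Signer`, and compare the signer against what the vendor confirms it uses.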