Suddenly Defense+ is blocking 100-200 ‘intrusions’ a session and the one being blocked the most by far is ‘Ping.exe’. Am using ‘Custom Policy’ but that is not new.
Should it be blocked and why now?
Can you show a screenshot of the logs?
Ping.exe should be in System32 directory, is a MS system file, and its properties should show as much. If ping.exe is located anywhere else, it is most likely malware. And nasty financial malware at that:
Per Theatfire:
The following threats are known to be associated with the file “ping.exe”:
Threat Alias Number of Incidents
Infostealer [Symantec] 1
PWS-Banker [McAfee] 1
Trojan.Win32.Chifrax.c [Kaspersky Lab] 1
Trojan-Spy.Win32.Banker.fjb [Kaspersky Lab] 1
TSPY_BANKER.LLU [Trend Micro] 1