Ah, I think I understand now.
To summarize - the original VirusTotal scan you reported is https://www.virustotal.com/gui/file/4063678b979a5423445068312730cbfd549073af093db84486fa9e4fc20806c7/detection.
Also your Reddit post - https://www.reddit.com/r/antivirus/comments/1j2s326/virustotal_relations/.
I'm checking the docs and it's unclear to me what their "Microsoft Sysinternals" package is - https://docs.virustotal.com/docs/external-sandboxes. It looks to be "Microsoft.SysInternals" from the winget community packages - https://github.com/microsoft/winget-pkgs/blob/master/manifests/m/Microsoft/Sysinternals/2025-02-13/Microsoft.Sysinternals.installer.yaml, which is a third-party package that does reference the official source. In this case, the first-party package would be Sysinternals Suite from the Store - https://apps.microsoft.com/detail/9P7KNL5RWT25?hl=en-us, id 9P7KNL5RWT25.
Regardless, none of the Sysinternals tools "call home". It remains to evaluate what those "Relations" / "Behavior" -> "Network comm" reports from VirusTotal mean. It seems, like NateL1010 reported, to be extra traffic from any source, as noticed within the infrastructure at the time, so possibly benign. As a note, "static" analysis as performed by a service probably can't account for all the possible network activity of a program running on a live system.
- kn, Apr 16, 2025, Brass Contributor
Sorry, can't post my answer as text (I think your site already hates me):
p.s.
WTF "invalid HTML"? 🥲
- Alex_Mihaiuc, Apr 16, 2025, Microsoft
I can understand your frustration. Keep in mind that this is a VirusTotal matter; that's why I was confused at first.
Not sure why the techcommunity engine wouldn't let you post links. I transcribed them and added them in my first reply, and it just worked. I'll see whether I can loop someone from VirusTotal in; I don't think they're affiliated to Microsoft, but I am curious now.
Cheers!
Alex