-
Chris Toews
0I'm wondering if anyone else is running into this.
I'm getting notified about C:\Windows\explorer.exe
Is this DI blocking the windows explorer itself? or is explorer being used to try to run some code? Should I add the file to the allow list, or will this allow crazy stuff to be run from an explorer window? below are the details of the notification:
Event ID XXXXXX
Occurrences 1
Start Date 2024-06-11 17:47:28.882089
Received on Server 2024-06-11 17:47:32.201895
Last Occurrence 2024-06-11 17:47:28.882089
Event Type Behavioral Analysis - Arbitrary Shellcode
Deep Classification None
Threat Severity Very high
Details C:\Windows\explorer.exe
File Type PE
File Hash 1bb449c7c14500efc1325cf6a6fd8ef9ffd0216d120187298d57706c3eb6d3db
MITRE ATT&CK mitreId=TA0002.T1204.002 mitreTactic=Execution mitreTechnique=User Execution mitreSubTechnique=Malicious File
Device IP 192.168.1.28
Device Name XXX-PC
Platform Windows
Logged in Users XXX-PC\eric,XXX-pc\Timothy
Welcome to MSP360 Forum!
Thank you for visiting! Please take a moment to register so that you can participate in discussions!
Categories
- MSP360 Managed Products
- Managed Backup - General
- Managed Backup Windows
- Managed Backup Mac
- Managed Backup Linux
- Managed Backup SQL Server
- Managed Backup Exchange
- Managed Backup Microsoft 365
- Managed Backup G Workspace
- RMM
- Connect (Managed)
- Deep Instinct
- CloudBerry Backup
- Backup Windows
- Backup Mac
- Backup for Linux
- Backup SQL Server
- Backup Exchange
- Connect Free/Pro (Remote Desktop)
- CloudBerry Explorer
- CloudBerry Drive
More Discussions
- Terms of Service
- Useful Hints and Tips
- Sign In
- © 2024 MSP360 Forum