https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4621780#M6903 <P>Zero Day Exploit of Microsoft Support Diagnostic Tool Detection. What components of Cisco Secure Endpoint will detect and block this vulnerability?</P><P>&nbsp;</P><P><A title="Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability" href="https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/" target="_blank" rel="noopener">https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/</A>&nbsp;</P> Tue, 31 May 2022 17:55:29 GMT olfuddyduddy 2022-05-31T17:55:29Z https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4621780#M6903 <P>Zero Day Exploit of Microsoft Support Diagnostic Tool Detection. What components of Cisco Secure Endpoint will detect and block this vulnerability?</P><P>&nbsp;</P><P><A title="Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability" href="https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/" target="_blank" rel="noopener">https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/</A>&nbsp;</P> Tue, 31 May 2022 17:55:29 GMT https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4621780#M6903 olfuddyduddy 2022-05-31T17:55:29Z https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4622496#M6904 <P>I believe they are awaiting a signature update from TALOS to help in detection/prevention.</P><P>&nbsp;</P> Wed, 01 Jun 2022 11:56:30 GMT https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4622496#M6904 Armstnei 2022-06-01T11:56:30Z https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4622517#M6905 <P>They added detection this morning.&nbsp; I'm just not sure not sure which engine is picking this and if it will only detect or block/quarantine.<span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="msdt.png" style="width: 951px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/152543i4365357B5F2D3B69/image-size/large?v=v2&amp;px=999" role="button" title="msdt.png" alt="msdt.png" /></span></P> Wed, 01 Jun 2022 12:25:18 GMT https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4622517#M6905 sylvain.hamel1 2022-06-01T12:25:18Z https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4622522#M6906 <P>Behavioral Protection would need to be enabled.</P> Wed, 01 Jun 2022 12:31:42 GMT https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4622522#M6906 Armstnei 2022-06-01T12:31:42Z https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4622651#M6907 <P>How is it known that this is Behavioral Detection and not Exploit Prevention,&nbsp;Exploit Prevention-Script Control, System Process Protection, or Malicious Activity Protection? Is there a place to look to confirm this?</P> Wed, 01 Jun 2022 15:36:48 GMT https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4622651#M6907 olfuddyduddy 2022-06-01T15:36:48Z https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4623586#M6909 <P>Hello S.H.,</P><P>Thank you for posting this.&nbsp; If you don't mind sharing a little more, where is this information from?&nbsp; How do I find this information source for future reference?&nbsp; Thank you for any assistance you can provide.</P><P>&nbsp;</P><P>-&nbsp; CB</P> Thu, 02 Jun 2022 20:40:41 GMT https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4623586#M6909 crockbot 2022-06-02T20:40:41Z https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4623595#M6910 <P>I found it in the Indicators page (<A href="https://console.amp.cisco.com/indicators" target="_blank">Indicators (cisco.com)</A></P><P>&nbsp;</P><P>In Analysis--&gt;Indicators of the console.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="msdt2.jpg" style="width: 426px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/152671iD05A1374B358F9DE/image-size/large?v=v2&amp;px=999" role="button" title="msdt2.jpg" alt="msdt2.jpg" /></span></P><P>&nbsp;</P><P>&nbsp;</P> Thu, 02 Jun 2022 21:25:40 GMT https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4623595#M6910 sylvain.hamel1 2022-06-02T21:25:40Z https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4623596#M6911 <P>Just sad that they don't have a published/modified date that we could filter on (so that you can see new Indicators added easily....).</P> Thu, 02 Jun 2022 21:27:02 GMT https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4623596#M6911 sylvain.hamel1 2022-06-02T21:27:02Z https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4623604#M6912 <P>Thank you Sylvain. I was able to find the same indicator using general search on "msdt". I'm still trying to determine which AMP detection engine is necessary to be certain this is detecting in my enterprise. The indicator doesn't have that information listed on the indicator blurb. Any clues as to how you determined behavioral engine to be the engine necessory to make use of this indicator?</P> Thu, 02 Jun 2022 21:44:11 GMT https://community.cisco.com/t5/endpoint-security/cve-2022-30190/m-p/4623604#M6912 olfuddyduddy 2022-06-02T21:44:11Z