01-23-2024 09:20 AM
In the last hour I've been receiving an uptick of alerts for w32.4173FC5A68.infostealer-psexec.talos.sso with the file path:
File Path
file:///C%3A/Windows/System32/Wscript.exe
Some of the alerts have different command line arguments but the same .exe, One individual from the same agency had W32.DFC.MalParent which I assume is where it was possibly run from originally?
Has anyone else been seeing this?
Solved! Go to Solution.
01-23-2024 10:09 AM
Update: Confirmed False Positive. Please see attached response from Cisco.
View solution in original post
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Log in to Community
