Cloud IOC: ExecutedMalware.ioc

john-doe (Level 1)

We often see in the infrastructure that a user tries to download or move a malicious file from a flash drive to the desktop several times in a row, but quarantine of the file does not always happen. That is, for 5 successful quarantines, there may be 1 failure. At that point we see the Cloud IOC event ExecutedMalware.ioc, after which the PC may immediately be isolated automatically. Unfortunately, it is not possible to reproduce the situation, since all quarantines in the test environment are fast and successful.

My question: how does this happen? That is, does the user download the file several times, wait for a moment when the Cisco SE agent does not perform the quarantine, and launch the file before it is quarantined? Does launching such a malicious file really affect the OS in that short period before the moment of isolation? Do I need to reinstall the OS after this?

0 Replies
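The sequence the post describes (several copies of the same file, most quarantined, one executed before quarantine, then the ExecutedMalware.ioc event and isolation) is exactly what an analyst has to reconstruct from endpoint telemetry when deciding whether a host needs triage or a rebuild. The script below is an added example, not code from the poster or from Cisco; the event names other than ExecutedMalware.ioc, the JSON field names, the host name and the hash are constructed assumptions for the example and do not reproduce Cisco Secure Endpoint's real event schema. It walks the events per (host, hash) and reports every execution that happened while a copy of the file was on disk and not yet quarantined, alongside the quarantine success/failure counts.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample telemetry for one host. Field names and event names other than
# "ExecutedMalware.ioc" are assumptions made for this example; the hash is a placeholder.
HASH = "constructed-hash-placeholder-not-a-real-sha256"
HOST = "WS-42"
SAMPLE_EVENTS = "\n".join(
    f'{{"ts":"{ts}","host":"{HOST}","sha256":"{HASH}","event":"{ev}"}}'
    for ts, ev in [
        ("2024-05-01T10:00:00Z", "file_created"),        # copy 1 from the flash drive
        ("2024-05-01T10:00:01Z", "quarantine_success"),
        ("2024-05-01T10:00:30Z", "file_created"),        # copy 2
        ("2024-05-01T10:00:31Z", "quarantine_success"),
        ("2024-05-01T10:01:00Z", "file_created"),        # copy 3: quarantine loses the race
        ("2024-05-01T10:01:02Z", "process_start"),       # user launched it first
        ("2024-05-01T10:01:03Z", "quarantine_failed"),
        ("2024-05-01T10:01:04Z", "ExecutedMalware.ioc"), # cloud IOC fires on the execution
        ("2024-05-01T10:01:10Z", "host_isolated"),
    ]
)


def parse_events(text):
    """Parse newline-delimited JSON events and sort them by timestamp."""
    events = [json.loads(line) for line in text.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return sorted(events, key=lambda e: e["ts"])


def analyze(events):
    """Per (host, hash): count quarantine outcomes and flag executions that occurred
    while the file was on disk but not yet quarantined (the race in the post)."""
    by_key = defaultdict(list)
    for e in events:
        by_key[(e["host"], e["sha256"])].append(e)

    report = {}
    for key, evs in by_key.items():
        unquarantined_since = None   # timestamp of the most recent not-yet-quarantined copy
        successes = failures = ioc_hits = 0
        race_seconds = []            # how long each executed copy sat on disk before launch
        isolated = False
        for e in evs:
            kind = e["event"]
            if kind == "file_created":
                unquarantined_since = e["ts"]
            elif kind == "quarantine_success":
                successes += 1
                unquarantined_since = None
            elif kind == "quarantine_failed":
                failures += 1
            elif kind == "process_start" and unquarantined_since is not None:
                race_seconds.append((e["ts"] - unquarantined_since).total_seconds())
            elif kind == "ExecutedMalware.ioc":
                ioc_hits += 1
            elif kind == "host_isolated":
                isolated = True
        report[key] = {
            "quarantine_successes": successes,
            "quarantine_failures": failures,
            "executed_before_quarantine": race_seconds,
            "ioc_events": ioc_hits,
            "isolated": isolated,
            # an execution before quarantine means the sample ran; quarantining the file
            # afterwards does not undo what it did in that window, so the host needs triage
            "needs_triage": bool(race_seconds),
        }
    return report


if __name__ == "__main__":
    for (host, sha), r in analyze(parse_events(SAMPLE_EVENTS)).items():
        print(host, sha[:16], json.dumps(r))
```

The `needs_triage` flag is the practical answer to the "do I need to reinstall" question in the post: a host where `executed_before_quarantine` is non-empty had the sample run for some seconds before the agent acted, so it is handled under the incident response policy for confirmed execution rather than as a clean quarantine. Hosts with only quarantine successes and no execution are not flagged.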