05-31-2022 10:55 AM
Zero Day Exploit of Microsoft Support Diagnostic Tool Detection. What components of Cisco Secure Endpoint will detect and block this vulnerability?
06-01-2022 04:56 AM
I believe they are awaiting a signature update from TALOS to help in detection/prevention.
06-01-2022 05:25 AM
They added detection this morning. I'm just not sure which engine is picking this up and if it will only detect or block/quarantine.
06-01-2022 05:31 AM
Behavioral Protection would need to be enabled.
06-01-2022 08:36 AM
How is it known that this is Behavioral Detection and not Exploit Prevention, Exploit Prevention-Script Control, System Process Protection, or Malicious Activity Protection? Is there a place to look to confirm this?
06-02-2022 01:40 PM
Hello S.H.,
Thank you for posting this. If you don't mind sharing a little more, where is this information from? How do I find this information source for future reference? Thank you for any assistance you can provide.
- CB
06-02-2022 02:25 PM
06-02-2022 02:27 PM
Just sad that they don't have a published/modified date that we could filter on (so that you can see new Indicators added easily...).
06-02-2022 02:44 PM
Thank you Sylvain. I was able to find the same indicator using general search on "msdt". I'm still trying to determine which AMP detection engine is necessary to be certain this is detecting in my enterprise. The indicator doesn't have that information listed on the indicator blurb. Any clues as to how you determined behavioral engine to be the engine necessary to make use of this indicator?