Detection on US (local to office) PC with User from Different Country

ITandCoffee
Level 1

Hi Cisco Community,

I've received detections on PCs where AMP states the user involved is a user that has never logged into the computer in question. I'm assuming this has to do with the origination of the file detected, but I'm not sure. Does anyone have a better explanation? Example shown below:

Thanks!

  • Event Type: Threat Detected
  • Computer: **Local US Computer in Office**
  • Hostname: **Local US Computer in Office**
  • IP: *****************************************
  • User: **User from one of our China Locations**
  • Detection: W32.Auto.c8e840.182157.in01
  • File: UL62-2001 软线和装置线.exe
  • File path: \\?\D:\New folder\5565\UL标准\UL62-2001 软线和装置线.exe
  • Detection SHA-256: c8e8404cb0bd9f8e9260ded75a5c10e2c2851c32079f9f65fd97f9a0540c7f0b
  • By Application: explorer.exe
  • Application SHA-256: 3f9f6a4c409ec9a9c308a92275f4381e668a7d644f3ad9e9ae5b636d4e42bcca
  • Severity: Medium
  • Timestamp: 2020-04-26 04:53:08 +0000 UTC