Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation

Who Me Too'd this topic

Powershell Command in Registry Data

Bunged
Level 1
Level 1

‎09-12-2023 10:48 PM

For the last few hours we have been seeing an increasing number of 'Powershell command in registry data' findings.
They all look the same and report something similar:

 

Observables
File:taskhostw.exe   e6370920…58402728
Registry Key:\USER\S-1-5-21-1514197063-1296195755-1265796959-7856\SOFTWARE\Microsoft\Windows\CurrentVersion\AppListBackup\ListOfTaskBackedUpTiles_2361862998   ListOfTaskBackedUpTiles_2360852998
Observed Activity
Registry Set\USER\S-1-5-21-1514197063-1296195755-1265796959-7856\SOFTWARE\Microsoft\Windows\CurrentVersion\AppListBackup\ListOfTaskBackedUpTiles_2361862998
 
I assume this is nothing to worry about? Is there a way to prevent this particular alert message or do we have to wait for a signature update?
10 people had this problem
Who Me Too'd this topic