AMP has been generating a Cloud IOC alert for the following command line:
C:\WINDOWS\System32\sdbinst.exe -m -bg
I can't find anything for these arguments "-m -bg". Has anyone come across this or know what it means?
Has Stealthwatch Cloud alerting changed? For example, I’m trying to review an alert that triggered. Normally, to see the network events associated, there used to be a blue clickable link at the TimeDate and that would bring up the specific network de...
Hi, I am looking for additional clarification on the error code 3221225506 Access Denied given when AMP detects a file during a scan but can't quarantine it. For example, the files were detected in other drives like E:, F:, G:. Thank you!
Hi all, I received a reply from Cisco TAC regarding this detection - a fix has been applied to the backend and should no longer display as a Cloud IOC. Thank you so much for confirming this was due to Windows 11 update!
Thank you, I've opened a Cisco TAC case and provided the debugging logs. I just want to know if this has been seen before and if it's expected behavior for Windows 11. If so, I'm hoping that the Cloud IOC can be fine-tuned.