About davalosn

davalosn · 04-04-2022

Just about every service start command is being flagged as an IOC right now. I've gotten around 30 or 40 alerts in the last hour for normal service starting behavior, some examples: C:\Windows\system32\svchost.exe -k localService -p -s RemoteRegistry...

davalosn · 01-12-2021

I agree with Orlith as well, I can tell you definitively that the install scan misses things that should have been caught if it were truly doing a full system scan. Things got picked up and quarantined on endpoints after scheduling a full system scan...

davalosn · 10-27-2020

I can't find exactly where these are being downloaded from in AMP, Threat Response or Umbrella. I'm assuming it's a false positive on grammarly javascripts.

Member Since	‎10-27-2020 06:32 AM
Date Last Visited	‎05-16-2022 02:39 PM
Posts	3

User Statistics

User Activity

Endpoint connector 7.5.3.20938 flagging every service start as IOC

Re: Cisco AMP API - Initiate Scan?

Re: Event Type: Retrospective Quarantine Attempt Failed