About vendeville_lj

vendeville_lj · 03-26-2024

We've started getting googleupdate.exe popping up in the dashboard as Cloud IOC: W32.RubeusMalware.ioc, starting this afternoon. Neither the actual detection (352d9f7ed7f0d463aeb21597d6cf1492df34f622027a853a6e861c54434e6caa) nor the parent (googleupd...

vendeville_lj · 04-20-2023

We've had a handful of machines get flagged for the AMSI provider being deleted from the registry, and haven't been able to put a finger on the cause. The registry key being deleted looks like it's the one for Windows' built-in AV ( {2781761E-28E0-41...

vendeville_lj · 03-11-2022

One of our users is using a file encryption service on his Windows computer which was initially flagged as ransomware. I added the application to our Allowed Applications list but it is still getting flagged, and seems to be alternating between succe...

vendeville_lj · 05-09-2023

Running into the same issue with a bunch of my endpoints, the first instances starting on 03MAY23. Looking through SCCM, all of the machines with this popping up are running Google Chrome version 113.0.5672.63, which isn't very far off from the curre...

vendeville_lj · 04-25-2023

Thanks for checking this out and providing the information, it's much appreciated.

vendeville_lj · 03-22-2022

So the application is allowed, but the encrypting of the files is what's flagging Secure Endpoint. Thanks for the info, and I'll get an exclusion created.

Member Since	‎03-11-2022 09:10 AM
Date Last Visited	‎05-16-2024 08:37 AM
Posts	6
Total Helpful Votes Received	3

User Statistics

User Activity

Multiple endpoints flagged with Cloud IOC: W32.RubeusMalware.ioc

AMSI Deleted for Windows Defender/Security

Allowed Application Still Being Quarantined

Re: Chrome.exe exploit prevention events

Re: AMSI Deleted for Windows Defender/Security

Re: Allowed Application Still Being Quarantined