In the last hour I've been receiving an uptick of alerts for w32.4173FC5A68.infostealer-psexec.talos.sso with the file path: Wscript.exe (file:///C%3A/Windows/System32/Wscript.exe). Some of the alerts have different command line arguments but the...
Good afternoon, we are using Cisco AMP with our connector version being 8.2.1.21612 and are receiving numerous alerts for a filename Base64JS.min.js. Is anybody else experiencing this? Previously we had a widespread issue with a smss.exe parent proce...
Final thoughts, although we now have an accepted solution, for future reference you can also create an exclusion for events like this and apply it to your group policies. I personally don't tend to do that, as there is always the possibility of these ...
For the retrospective quarantine attempt failure, that's a confusing feature. SEP will quarantine the initial event, but until the event is marked as resolved, it will continuously monitor it as still being present and search for the signature that n...