Unfortunately I cant tell form that picture what engine is triggering this event. I would suggest to look in Device Trajectory and also you can some time tell from the first line  of the event  not expanded. By any chance did yours is triggered by Ex...

First of all what would be helpful to understand here is what type of event your see in the console. Meaning would be nice to see picture of the event expanded with all the details to determine which engine is the one responsible for the detection. 

Another thing to remember is tricky question when it comes to these two solutions. In integrations such as ESA and WSA these two will be referenced as: File Reputation Server --- > Secure Endpoint either Cloud or Private Appliance (virtual or physica...

Please open TAC case if you experiencing this unusual behavior to investigate this more.Just for you information I run 8.4.5 on both my personal and work laptop both Windows 11 where my work laptop is on Cisco Secure Client 5.1.7.1336 and Secure Endp...

Sounds good If this is Tetra engine then it will be handled by our Internal Talos Team. TAC will just need the samples if you didn't provide them yet.