We have an end user machine that was placed into isolation after a high severity Cloud IOC Event (Cloud IOC: W32.PowershellIEXReplace.ioc) and a low severity Cloud IOC Event (Cloud IOC: W32.PowershellObfuscationAttempt.ioc) were detected. Powershell ...
Anyone else using AutoHotkeyU.exe in their environment and experiencing multiple retrospective quarantine events because the file disposition is now malicious?
I understand what it does, but I'm curious why the disposition recently changed
Can the Cisco Secure Endpoint Secure Client be configured to display threat information when threats are detected in the console? I checked off Engine Notification in the policy, under Advanced Settings, Client User Interface.
Setting up a new implementation of Umbrella, and the client rolled out the RC to a few Windows 11 laptops that have an MS VPN configured to connect to Azure. After installing the Umbrella RC, they get the following error after entering the username an...
Today we are seeing multiple high severity events being generated for wscript.exe sha256: 4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523
This is affecting multiple versions of the connector, which is causing multiple endpoints to be ...
Normally, when trying to identify whether a detection is legitimate or a false positive, you can start by checking the SHA against the VirusTotal database, and you can search Talos. You can also submit disposition changes for FPs.
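The triage step described in that reply, written out as an added PowerShell example (not code from the original post or from Cisco): hash each candidate binary on the endpoint, check its Authenticode signature, compare the SHA-256 against a locally kept list of IOC hashes, and emit the VirusTotal lookup URL for the hashes you want to research before submitting a disposition change. The file paths passed in and the contents of `$KnownBadHashes` are assumptions for illustration; the only hash in the list is the wscript.exe SHA-256 quoted elsewhere on this page.

```powershell
# Added example, not part of the original thread. Assumes PowerShell 5.1+ on Windows
# (Get-FileHash and Get-AuthenticodeSignature are built in).

function Get-DetectionTriage {
    [CmdletBinding()]
    param(
        # Paths of the binaries flagged by the connector (assumed values in the usage below).
        [Parameter(Mandatory)] [string[]] $Path,
        # Lower-case SHA-256 -> note. Constructed list for this example.
        [hashtable] $KnownBadHashes = @{
            '4173fc5a6864f03ab021823cd0f2f085ba85b3a9b1e37a2094798fc099507523' = 'wscript.exe hash reported in the thread'
        }
    )

    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            Write-Warning "Not found on this host: $p"
            continue
        }

        # Get-FileHash returns upper-case hex; normalise so lookups and URLs are consistent.
        $sha = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash.ToLower()

        # An unsigned or badly signed file is not proof of malice, but a valid signature from the
        # expected vendor is strong evidence for the false-positive side of the argument.
        $sig = Get-AuthenticodeSignature -LiteralPath $p
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

        [pscustomobject]@{
            Path            = $p
            SHA256          = $sha
            SignatureStatus = $sig.Status          # Valid, NotSigned, HashMismatch, ...
            Signer          = $signer
            MatchesLocalIOC = $KnownBadHashes.ContainsKey($sha)
            IOCNote         = $KnownBadHashes[$sha]
            VirusTotalUrl   = "https://www.virustotal.com/gui/file/$sha"
        }
    }
}

# Usage (paths are assumptions; substitute the ones from your retrospective quarantine events):
Get-DetectionTriage -Path @(
    'C:\Program Files\AutoHotkey\AutoHotkeyU32.exe',
    "$env:SystemRoot\System32\wscript.exe"
) | Format-List
```

Run it on the isolated machine (or against a copy of the file) rather than trusting the hash shown in the console alone; a retrospective quarantine can leave several versions of the same binary on different hosts, and each one needs its own SHA-256 before you search Talos or request a disposition change.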
A little more background:
There are a number of users in our organization that have been using AutoHotKey for quite some time, primarily to automate repetitive tasks. Working with a few end users yesterday, I noticed most were running the older ve...
@Matthew Franks here are the details:
There appear to be at least 3 versions of AutoHotkey.exe in our environment that are triggering threat detection and retrospective quarantine failure events:
C:\Program Files\AutoHotkey\AutoHotkeyU32.exe / disp...
I'm all about security; however, it seems like false positives are happening more often lately. What's worse is that we have automated isolation actions configured, and when a false positive triggers, it makes for a bad day.