TonyCummins
-
I'm seeing lots of these blocks also....
Location: onedscolprdcus06.centralus.cloudapp.azure.com(13.89.179.8:443)
Policy name: Desktop Policy - USB SCANNING ENABLED
Process name: C:\Windows\System32\svchost.exe
Report time: February 14th 2024, 22:03:53 UTC
Scan time: February 14th 2024, 22:03:52 UTC
Action taken: Blocked
Threat name: Compromised
Type: OutboundConnection
-
TonyCummins started following Lot of Detections for vast-prod-sfo2.zentrick.com , PDQ - Nebula - FRHook.dll , Website Blocked and 1 other
-
Every endpoint:
Reboot Summary (Simple): Updating core OS Files (pending reboot)
Reboot Summary (Detailed): HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations contains...
\??\C:\WINDOWS\system32\FRHook.dll{E5E381C7-BC32-4C92-8D9E-733B31F0108B}
\??\C:\WINDOWS\SysWOW64\FRHook.dll{CB9D416A-6CCB-4E12-9041-67A2C6C291AB}
Example:
-
Yeah, I get that, but their response suggests it's going to drift into the black hole known as "dev ops", never to be heard of again. "Regrettably, due to current priorities and resource allocation, it is anticipated that the resolution for your specific matter will take approximately 2 to 3 months." Sounds like support is spread thin, which I've noticed considerably over the last year or so with regards to getting timely responses from support.
-
Thanks for the response... I'll reach out to the vendor, I guess. Thanks
-
Getting the following blocked; I believe it's a false positive. Can someone verify and add an exclusion? scram.net / 64.190.63.111
-
Is anyone else seeing Malwarebytes adding restart flags to endpoints? This is affecting my patch management with PDQ. I have had this ticket open since December 14th and ONLY got it addressed by level 2 / development on Jan 4th. All my endpoints show they need restarted in the console. I have worked with that vendor and it seems Malwarebytes is adding flags that it needs a restart to delete FRHook.dll. I ran a script to remove that flag from ALL endpoints but they are all back now.
Here is an example of what I'm seeing:
Reboot Summary (Simple): Updating core OS Files (pending reboot)
No matter how many restarts I do, that flag never clears. I ran a manual cmd to remove flags on endpoints, only to have it reappear almost instantly.
This is the last response by level 1 support:
After 4 weeks of back and forth with very bad support, this is the final response I received to shut me up:
Feeling frustrated
-
@HCHTech I too recently got sold the EDR, can you share the video please?
-
Lot of Detections for vast-prod-sfo2.zentrick.com (again)
TonyCummins replied to TonyCummins's topic in Website Blocking
Thanks for the update, much appreciated.
-
Getting a bunch of detections for vast-prod-sfo3.zentrick.com and vast-prod-sfo2.zentrick.com (see pic). Anything to be concerned about?
-
NEBULA detecting vast-prod-sfo3.zentrick.com as compromised?
TonyCummins replied to TonyCummins's topic in Website Blocking
So nothing to be concerned about? Thanks
-
False Positive - Intel Pro Network connections
TonyCummins replied to TonyCummins's topic in File Detections
Thanks for the heads up. I have gone and turned off the rootkit in the scan options. Appreciate it.
Tony
-
False Positive - Intel Pro Network connections
TonyCummins replied to TonyCummins's topic in File Detections
Thanks KDawg... appreciate it
-
False Positive - Intel Pro Network connections
TonyCummins replied to TonyCummins's topic in File Detections
PM sent. Thanks