
TonyCummins

Honorary Members
  • Posts

    122

  1. I'm seeing lots of these blocks also.... Location: onedscolprdcus06.centralus.cloudapp.azure.com(13.89.179.8:443) Policy name: Desktop Policy - USB SCANNING ENABLED Process name: C:\Windows\System32\svchost.exe Report time: February 14th 2024, 22:03:53 UTC Scan time: February 14th 2024, 22:03:52 UTC Action taken: Blocked Threat name: Compromised Type: OutboundConnection
  2. Every endpoint: Reboot Summary (Simple): Updating core OS Files (pending reboot) Reboot Summary (Detailed): HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations contains... \??\C:\WINDOWS\system32\FRHook.dll{E5E381C7-BC32-4C92-8D9E-733B31F0108B} \??\C:\WINDOWS\SysWOW64\FRHook.dll{CB9D416A-6CCB-4E12-9041-67A2C6C291AB} Example:
  3. Yeah, I get that, but their response suggests it's going to drift into the black hole known as "dev ops", never to be heard of again. "Regrettably, due to current priorities and resource allocation, it is anticipated that the resolution for your specific matter will take approximately 2 to 3 months." Sounds like support is spread thin, which I've noticed considerably over the last year or so with regards to getting timely responses from support.
  4. Thanks for the response... I'll reach out to the vendor, I guess. Thanks
  5. Getting the following blocked; I believe it's a false positive. Can someone verify and add an exclusion? scram.net / 64.190.63.111
  6. Is anyone else seeing Malwarebytes adding restart flags to endpoints? This is affecting my patch management with PDQ. I have had this ticket open since December 14th and ONLY got it addressed by level 2 / development on Jan 4th. All my endpoints show they need to be restarted in the console. I have worked with that vendor and it seems Malwarebytes is adding flags that it needs a restart to delete FRHook.dll. I ran a script to remove that flag from ALL endpoints but they are all back now. Here is an example of what I'm seeing: Reboot Summary (Simple): Updating core OS Files (pending reboot) No matter how many restarts I do, that flag never clears. I ran a manual cmd to remove flags on endpoints only to have it reappear almost instantly. This is the last response by level 1 support: After 4 weeks of back and forth with very bad support this is the final response I received to shut me up: Feeling frustrated
  7. @HCHTech I too recently got sold the EDR, can you share the video please?
  8. Getting a bunch of detections for vast-prod-sfo3.zentrick.com and vast-prod-sfo2.zentrick.com (see pic). Anything to be concerned about?
  9. Thanks for the heads up. I have gone and turned off the rootkit in the scan options. Appreciate it Tony