cmd.exe detected as a suspicious activity log.


Can someone please let me know the reason the applications below are detected as suspicious activity by Malwarebytes Nebula?

1) cmd.exe (C:\WINDOWS\SYSTEM32\CMD.EXE)

2) powershell.exe (C:\WINDOWS\SYSTEM32\WINDOW...OWERSHELL.EXE)


Greetings,

Without seeing the scan logs, my guess would be that the detections are likely being triggered by Exploit Protection, but there's no way to know for certain without the logs from Malwarebytes.  If you post them we can check and see what's going on, and if it is a false positive, guide you to the correct area to post for the appropriate Research team to investigate and get the issue corrected.

Thanks

We need to get information from your computer in order to have the proper detail to help you going forward.
NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer. Please allow the programs to run if blocked by your system.

    Once the file is downloaded, open your Downloads folder/location of the downloaded file
    Double-click mb-support xxx.xx.exe to run the report
        You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
    Place a checkmark next to Accept License Agreement and click Next
    You will be presented with a page stating, "Get Started!"
    Do NOT use the button “Start repair”!
    Click the Advanced tab on the left column
    Click the Gather Logs button
    A progress bar will appear and the program will proceed with getting logs from your computer
    Upon completion, a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
    Please attach the ZIP file in your next reply.

1 hour ago, RamuduV said:

suspicious activity from Malwarebytes Nebula

This is different from the regular Malwarebytes product; I have asked for your post to be moved to the correct section.


Hello @RamuduV

Above the process graph you'll see it says "This activity triggered x rules across x items. Show Details". Click on that, and then you can click on the colored text below.

It gives a little more insight as to why these were detected. Severity is low and in your instance, it looks like the cmd.exe detection is because you run a script to kill tasks. With powershell, a command to clear cache is being run. They appear suspicious to us but you can disregard these detections.

Please let us know if you have more questions.

Thank you, 
