saila99 Posted February 16, 2022 ID:1502874 Share Posted February 16, 2022 Hello, recently I noticed that my Malwarebytes EDR found on one of my endpoints and exploit... Here are the details: C:\Windows\sysnative\cmd.exe C:\Windows\sysnative\cmd.exe \c C:\Windows\System32\REG QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography \v MachineGuid The automatic action taken by MB was blocked. I have some questions: Is this a real exploit or an error? Since this exploit it is already bloqued, should I click on remediate or not? How can I trace to see how or where we got infected? Thanks, Link to post Share on other sites More sharing options...
saila99 Posted February 16, 2022 Author ID:1502877 Share Posted February 16, 2022 Here are some screenshots Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 17, 2022 Root Admin ID:1502986 Share Posted February 17, 2022 Hello @saila99 Can you please open a Support ticket and attach the logs from this for Support. Once you have a ticket number please let me know the number so I can see if I can get it escalated. https://support.malwarebytes.com/hc/en-us/requests/new Thank you Link to post Share on other sites More sharing options...
saila99 Posted February 17, 2022 Author ID:1503008 Share Posted February 17, 2022 Thanks for your response, here is the request #3746060 Please let me know Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 17, 2022 Root Admin ID:1503017 Share Posted February 17, 2022 Thank you. I've asked someone from Support to see if they can assist sooner. Normal wait is about 3 business days. Link to post Share on other sites More sharing options...
Recommended Posts