Bitdefender Detected a Threat and Blocked Explorer

works2020

The details are below. A full scan came back clean and the user doesn't report anything out of the ordinary. I checked security logs nothing suspicious and confirmed the device is fully patched.

I believe this is a false positive but would like to know more about how the "User Login" is affected in this instance.

Event name: ATC.Malicious

Att&ck Tactics: N/A

Event description: Advanced Threat Control has labeled explorer.exe as a potential threat to your system.

Event name: SuspiciousSignedProcessExecution

Att&ck Tactics: Defense Evasion

Event description: A signed suspicious process has been executed

ATT&CK Techniques: Subvert Trust Controls – T1553.002 Code Signing

Event name: user_login

Event description: User Login

Event name: Process Create

Att&ck Tactics: N/A

Event description: A process has been created.

Event name: Process Create

Att&ck Tactics: N/A

Event description: A process has been created.

Find more posts tagged with

gravityzone

blocked attacks

Accepted answers

All comments

Gjoksi

Hello.

Since you need help with business product, @Alex_Dr could take a look here and help you.

Also, you can always contact the Bitdefender business support:

https://www.bitdefender.com/business/support/en/71263-85158-contact.html

Regards.

Alex_Dr

Hello @works2020,

Seeing as explorer.exe is an integral part of the Windows Operating Systems, i strongly suggest forwarding your original description to the Enterprise Team so they could analyze the claim and investigate what's happening in the background of explorer.exe that Bitdefender ATC detects as a threat.

Do keep me updated once you contacted them (perhaps with a case number as well) as this is not something to be taken lightly.

Best regards,

Alex D.

Sagebrush62

With virtually every entry I get a message "Bitdefender has detected a potential threat". It's really bothersome. How do I prevent this?