Bitdefender Detected a Threat and Blocked Explorer
The details are below. A full scan came back clean and the user doesn't report anything out of the ordinary. I checked the security logs, found nothing suspicious, and confirmed the device is fully patched.
I believe this is a false positive but would like to know more about how the "User Login" is affected in this instance.
Event name: ATC.Malicious
Att&ck Tactics: N/A
Event description: Advanced Threat Control has labeled explorer.exe as a potential threat to your system.
Event name: SuspiciousSignedProcessExecution
Att&ck Tactics: Defense Evasion
Event description: A signed suspicious process has been executed
ATT&CK Techniques: Subvert Trust Controls – T1553.002 Code Signing
Event name: user_login
Event description: User Login
Event name: Process Create
Att&ck Tactics: N/A
Event description: A process has been created.
Event name: Process Create
Att&ck Tactics: N/A
Event description: A process has been created.
Answers
-
Hello.
Since you need help with a business product, @Alex_Dr could take a look here and help you.
Also, you can always contact the Bitdefender business support:
https://www.bitdefender.com/business/support/en/71263-85158-contact.html
Regards.
0 -
Hello @works2020,
Seeing as explorer.exe is an integral part of the Windows Operating Systems, I strongly suggest forwarding your original description to the Enterprise Team so they could analyze the claim and investigate what's happening in the background of explorer.exe that Bitdefender ATC detects as a threat.
Do keep me updated once you have contacted them (perhaps with a case number as well) as this is not something to be taken lightly.
Best regards,
Alex D.
1 -
With virtually every entry I get a message "Bitdefender has detected a potential threat". It's really bothersome. How do I prevent this?
0