Bitdefender Detected a Threat and Blocked Explorer

The details are below. A full scan came back clean and the user doesn't report anything out of the ordinary. I checked security logs nothing suspicious and confirmed the device is fully patched.

I believe this is a false positive but would like to know more about how the "User Login" is affected in this instance.

Event name: ATC.Malicious

Att&ck Tactics: N/A

Event description: Advanced Threat Control has labeled explorer.exe as a potential threat to your system.

Event name: SuspiciousSignedProcessExecution

Att&ck Tactics: Defense Evasion

Event description: A signed suspicious process has been executed

ATT&CK Techniques: Subvert Trust Controls – T1553.002 Code Signing

Event name: user_login

Event description: User Login

Event name: Process Create

Att&ck Tactics: N/A

Event description: A process has been created.

Event name: Process Create

Att&ck Tactics: N/A

Event description: A process has been created.

Answers

  • Gjoksi
    Gjoksi Defender of the month mod

    Hello.

    Since you need help with business product, @Alex_Dr could take a look here and help you.

    Also, you can always contact the Bitdefender business support:

    https://www.bitdefender.com/business/support/en/71263-85158-contact.html

    Regards.

  • Alex_Dr
    Alex_Dr Quality & Customer Experience Specialist BD Staff

    Hello @works2020,

    Seeing as explorer.exe is an integral part of the Windows Operating Systems, i strongly suggest forwarding your original description to the Enterprise Team so they could analyze the claim and investigate what's happening in the background of explorer.exe that Bitdefender ATC detects as a threat.

    Do keep me updated once you contacted them (perhaps with a case number as well) as this is not something to be taken lightly.

    Best regards,

    Alex D.

  • With virtually every entry I get a message "Bitdefender has detected a potential threat". It's really bothersome. How do I prevent this?