IsuruSam

Members
  • Posts

    3
About IsuruSam

  • Rank
    Newbie

Profile Information

  • Location
    Estonia
  1. Thanks @JamesR, I will evaluate both of your suggestions and select the best for our environment.
  2. @JamesR I have a similar issue where Injection into system process [F0413b][C] generates a lot of detections for mstsc.exe from multiple processes. The most common one is chrome.exe. Endpoints are user PCs and I was not able to isolate this to a few endpoints. Almost all the endpoints in my environment trigger this.
  3. I have the above detection rule creating false positives and when checked, all the detections are for MSTSC.EXE. The triggering processes are mostly the browsers (chrome.exe). All the endpoints are user PCs. Is there a way to tune this rule to stop the false positives?