benny_thom

I dont believe its actually deleting a file, so there is nothing to restore, powershell and svchost arent going anywhere, . If its a false positive, I dont want to add as an exeception as that flags the path (powershell) and the detection, what if the same detection came up that wasnt a false positive? How do I flag the sheduled task (or whatever it is) thats causing this as a false positive in the first place? And firstly how do I even know it is? Surely I can dig into whats causing this specifically and resolve it. Otherwise im gonna keep recieving notifications that its cleaned, im in the 100's of these accross my machines.

Hello, looking for some help on this. Ive had this popping up accross all domain PC's over the last 48 hours. Is this some random scheduled task false positive issue or something to be concerned about? Ive had a look through task scheduler but nothing is lining up time-wise. I can grab full logs if thats whats needed. Appriciate any help. Time;Scanner;Object type;Object;Detection;Action;User;Information;Hash;First seen here 24/11/2023 8:08:01 am;Command line scanner;file;c:\windows\system32\windowspowershell\v1.0\powershell.exe;BAT/TrojanDownloader.Agent.PBO trojan;cleaned by deleting;NT AUTHORITY\SYSTEM;Event occurred while attempting to run the following command: C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule;DC6F7F8D8E57105E797EF80742B41A1F5EE190CE;