martinCRut 0 Posted March 2, 2022 Share Posted March 2, 2022 ESET reports blocking half a dozen instances this morning (Win 10 64) Suspected botnet Powershell/Generik A Application: powershell.exe target: 159.65.89.65:443 user: NT authority/system I have done a full scan and not found anything. Powershell is not running in Task manager-> details I'm not sure where to go next.. thank you! Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,298 Posted March 2, 2022 Administrators Solution Share Posted March 2, 2022 Probably you're using DATTO RMM which has recently started to download 7zip via powershell. Please create an IDS exception. Link to comment Share on other sites More sharing options...
Recommended Posts