Jump to content

Injection into (trusted/email client) process


Recommended Posts

Hello everyone,

I'm only testing Inspect on about 20 PCs, and only on one PC I have constantly the following events:

  1. Injection into trusted process [F0414b][C]
    Trigger Event: %PROGRAMFILES(X86)%\microsoft office\office15\excel.exe
    Executables: dwm.exe, compattelrunner.exe, wmiprvse.exe, msedge.exe
    and some more
  2. Injection into email client process [F0417][C]
    Trigger Event:
    %PROGRAMFILES(X86)%\microsoft office\office15\outlook.exe and some more
    Executables: microsoft.photos.exe, runtimebroker.exe, wermgr.exe

It's only this one PC and all of the executables are legitimate (mostly windows) programs. What can I do to make it stop beside setting exclusions for only this one PC. Every other PC has Outlook and Excel too but there are no events from them.

 

 

Link to comment
Share on other sites

The system is running the latest W10 22H2.

Here is the screenshot from the executable:

image.png.0fd1a417d22b04f294f9cadcef18e778.png

and the one from the triggered event:

image.png.3e8b0baaefdf6ad302f4cbbf3466e780.png

The events from today only have excel with the same LNK file path, but in the past there were triggered events from excel and word with no LNK file path given.

I thought maybe it would only trigger on this one link, but nope.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...