thae 12 Posted February 14, 2023 Share Posted February 14, 2023 Hello everyone, I'm only testing Inspect on about 20 PCs, and only on one PC I have constantly the following events: Injection into trusted process [F0414b][C] Trigger Event: %PROGRAMFILES(X86)%\microsoft office\office15\excel.exe Executables: dwm.exe, compattelrunner.exe, wmiprvse.exe, msedge.exe and some more Injection into email client process [F0417][C] Trigger Event: %PROGRAMFILES(X86)%\microsoft office\office15\outlook.exe and some moreExecutables: microsoft.photos.exe, runtimebroker.exe, wermgr.exe It's only this one PC and all of the executables are legitimate (mostly windows) programs. What can I do to make it stop beside setting exclusions for only this one PC. Every other PC has Outlook and Excel too but there are no events from them. Link to comment Share on other sites More sharing options...
Jamil-soc 4 Posted February 14, 2023 Share Posted February 14, 2023 (edited) Can you provide a screenshot of the detection? Which version of Windows OS is the system running? Edited February 14, 2023 by Jamil-soc Link to comment Share on other sites More sharing options...
thae 12 Posted February 15, 2023 Author Share Posted February 15, 2023 The system is running the latest W10 22H2. Here is the screenshot from the executable: and the one from the triggered event: The events from today only have excel with the same LNK file path, but in the past there were triggered events from excel and word with no LNK file path given. I thought maybe it would only trigger on this one link, but nope. Link to comment Share on other sites More sharing options...
Recommended Posts