Jump to content

Recommended Posts

Posted

Hi,

we have applied the recommended HIPS policies for MS Office, and a few computers now regularly report that Outlook is trying to execute rundll32.exe. I haven't been able to find out why that is, doesn't seem to be an add-in or actual exploits.

Talked to someone whose PC reported it happening within five minutes and they said that all they've done was send an e-mail with an image attachment.

Is it possible to get more information from ESET about the blocked HIPS events, like the call parameters of (in this case) rundll32.exe?

  • Administrators
Posted

You would need to use an EDR/XDR, such as ESET Inspect to figure out the chain of events that occurred beforehand.

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...