Hello,
New false positive on a customer's PC running PrivaZer.
Here are the details:
-Log Details-
Protection Event Date: 9/22/23
Protection Event Time: 1:09 AM
Log File: 619b7431-591f-11ee-8a04-b8ac6fa5035d.json
-Software Information-
Version: 4.6.2.281
Components Version: 1.0.2131
Update Package Version: 1.0.75545
License: Premium
-System Information-
OS: Windows 10 (Build 19045.344
CPU: x64
File System: NTFS
User: System
-Exploit Details-
File: 0
(No malicious items detected)
Exploit: 1
Exploit.PayloadProcessBlock, C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell $a = Get-CimInstance -ClassName Win32_Process -Filter "Name='dllhost.exe'" | Select-Object ProcessId, CommandLine;ForEach ($b in $a) {$c=$b.ProcessId.ToString() + " " + $b.CommandLine; Add-content -Path "C:\Users\Owner\AppData\Local\privazer\dllhost0_4726" -Value $c};, Blocked, 701, 392684, 0.0.0, ,
-Exploit Data-
Affected Application: cmd
Protection Layer: Application Behavior Protection
Protection Technique: Exploit payload process blocked
File Name: C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe powershell $a = Get-CimInstance -ClassName Win32_Process -Filter "Name='dllhost.exe'" | Select-Object ProcessId, CommandLine;ForEach ($b in $a) {$c=$b.ProcessId.ToString() + " " + $b.CommandLine; Add-content -Path "C:\Users\Owner\AppData\Local\privazer\dllhost0_4726" -Value $c};
URL:
(end)
Please fix it.
Thanks. OK?