device_name:DEVPC01 AND sensor_action:*
This indicates that the file was blocked because of a Core Prevention rule. See Configuring Exclusions for Core Prevention Rules to create an exception.
Reputation | Blocking and Isolation Name |
KNOWN_MALWARE | Known Malware |
COMPANY_BLACK_LIST | Application on the company banned list |
RESOLVING | Unknown application or process |
ADWARE, PUP | Adware or PUP |
SUSPECT_MALWARE, HEURISTIC | Suspected malware |
NOT_LISTED | Not listed application |
TTP: | Operation Attempt: |
NETWORK_ACCESS, ATTEMPTED_SERVER, ATTEMPTED_CLIENT | Communicates over the network |
RAM_SCRAPING, READ_SECURITY_DATA | Scrapes memory of another process |
SUSPICIOUS_BEHAVIOR, PACKED_CALL | Executes code from memory |
KNOWN_RANSOMWARE, DATA_TO_ENCRYPTION, SET_SYSTEM_FILE, KERNEL_ACCESS | Performs ransomware-like behavior |
INJECT_CODE, HAS_INJECTED_CODE, COMPROMISED_PROCESS, PROCESS_IMAGE_REPLACED, MODIFY_PROCESS, MODIFY_PROCESS_EXECUTION, HOLLOW_PROCESS | Injects code or modifies memory of another process |
FILELESS | Executes a fileless script |
If the issue persists, open a case with Support and provide: