Good Morning, On certain machines we have been getting this error "'Lockdown' exploit prevented in Windows Command Processor" in the events logs it says: Jul 31, 2018 11:22 AM Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe' CHSEWKS08 Jul 31, 2018 11:22 AM Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe' CHSEWKS08 Jul 31, 2018 11:22 AM Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe' CHSEWKS08 Jul 31, 2018 11:22 AM Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe' CHSEWKS08 Jul 31, 2018 11:22 AM Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe' CHSEWKS08 Jul 31, 2018 11:22 AM Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe' CHSEWKS08 Jul 31, 2018 11:22 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 11:21 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 11:15 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 11:14 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 11:04 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 11:04 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 11:02 AM Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe' CHSEWKS08 Jul 31, 2018 10:50 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 10:50 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 10:47 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 10:46 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 10:46 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 10:36 AM 'Lockdown' exploit prevented in Windows Command Processor CHSEWKS08 Jul 31, 2018 10:36 AM 'Lockdown' exploit prevented in Windows Command Processor We are trying to install a new update for a program, this program updates through java, but we added the file path to the global scanning list and still no luck. But looking at the root cause Analysis is shows: Detection name: Lockdown Root Cause: iexplore.exe Possible data involved: no business files So the root cause is saying something totally different than what the actual event log is showing. I have been reading the forums for 2 days now trying to figure this out and have not found any solution, so I am hoping someone could point me in the right direction into trying to solve this issue. Thank you.

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

'Lockdown' exploit prevented in Windows Command Processor

Good Morning,

On certain machines we have been getting this error "'Lockdown' exploit prevented in Windows Command Processor"

in the events logs it says:

Jul 31, 2018 11:22 AM	Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe'	CHSEWKS08
		Jul 31, 2018 11:22 AM	Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe'	CHSEWKS08
		Jul 31, 2018 11:22 AM	Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe'	CHSEWKS08
		Jul 31, 2018 11:22 AM	Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe'	CHSEWKS08
		Jul 31, 2018 11:22 AM	Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe'	CHSEWKS08
		Jul 31, 2018 11:22 AM	Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe'	CHSEWKS08
		Jul 31, 2018 11:22 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 11:21 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 11:15 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 11:14 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 11:04 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 11:04 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 11:02 AM	Nothing found to clean up: 'Windows Command Processor' at 'C:\Windows\SysWOW64\cmd.exe'	CHSEWKS08
		Jul 31, 2018 10:50 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 10:50 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 10:47 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 10:46 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 10:46 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 10:36 AM	'Lockdown' exploit prevented in Windows Command Processor	CHSEWKS08
		Jul 31, 2018 10:36 AM	'Lockdown' exploit prevented in Windows Command Processor

We are trying to install a new update for a program, this program updates through java, but we added the file path to the global scanning list and still no luck.

But looking at the root cause Analysis is shows:

Detection name:	Lockdown
Root Cause:	iexplore.exe
Possible data involved:	no business files

So the root cause is saying something totally different than what the actual event log is showing.

I have been reading the forums for 2 days now trying to figure this out and have not found any solution, so I am hoping someone could point me in the right direction into trying to solve this issue.

Thank you.

This thread was automatically locked due to age.