We get the following alert:
What happened: We could not clean up a threat.
Where it happened: computer name
What was detected: AMSI/Reflect-KA
How severe it is: High
What Sophos has done so far: We attempted to clean up a threat.
It is only for one user; it used to be two. I cleaned the temp files for both users on their respective PCs, and it seems that fixed the issue for the first user, or maybe it was just a coincidence.
However, this one user's account on this PC keeps giving us this detection.
It seems to be triggered by two different things, but they all lead to PowerShell.
Please see the images, hope that helps.
Any idea about this? Much appreciated.
[edited by: Gladys at 7:59 AM (GMT -7) on 3 Oct 2023]