About C2_10a (T1071.001) Detected on the server

The endpoint reports it as malicious behavior, but shouldn't detecting C2 be the purview of the IPS? Why is it showing as malicious behavior?

Or is the IPS module already involved?

  • Hello, as mentioned in the article, the detection of C2 will not prevent it, but will trigger a memory scan, and if the memory scan determines it to be malicious, it will be cleaned. I am curious: why did C2 detection not immediately block the connection and prompt? Or, why is C2 not detected? If the memory scan comes back clean, isn't it a successful hack? If you indicate it at the C2 connection stage, we can make up for it even if the memory scan misses.
