Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 605 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outlook.exe categorized as trojan due to its connection outbound and modification on registry keys.

Prabin Tamang
4 months ago
Outlook.exe performed all these actions, and due to it, it is shown as Trojan. And As far as it seems all the outbound connection has been to Microsoft. And I would like to know if this action is normal or should I be concered and if so what action should I take. 
Here is the hash of the root cause [ outlook.exe ].
SHA256:
ee343bf28cb3269dc154ce0acde4ecbf46f415c48b6dc9a344c5c9c930bd09e5
Actions performed by this artifact:
200 DNS lookups
200 File deletions
200 File reads
200 File writes
200 IP connections
200 Registry creations
200 Registry deletions
200 Registry value sets
200 URL accesses
92 Registry value deletions


This thread was automatically locked due to age.
Parents
  • 0 4 months ago

    Hello Prabin Tamang,

    is this indeed the On-Premise Endpoint, not Intercept X? The former doesn't talk of a Root Cause.

    Anyway, this acticity doesn't seem normal, you should open a case with Support. Is this a report from just one endpoint or a summary?

    Christian

Reply
  • 0 4 months ago

    Hello Prabin Tamang,

    is this indeed the On-Premise Endpoint, not Intercept X? The former doesn't talk of a Root Cause.

    Anyway, this acticity doesn't seem normal, you should open a case with Support. Is this a report from just one endpoint or a summary?

    Christian

Children
No Data
Unfiltered HTML