Recently I received a message about a handful of computers with the following message and I am wondering what action(s) I need to take, if any:
What happened: We prevented a privilege escalation exploit in C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe. This type of exploit gives an application access to resources it shouldn’t have.
What was detected: PrivGuard
How severe it is: High
What Sophos has done so far: We prevented the privilege escalation and ran a scan to clean up the computer.
What you need to do: Investigate the cause of the alert. When you are sure the system is clean, acknowledge the alert.
Hello Sophos User1524
Please go through this document regarding PrivGuard/CredGuard detections.
You can check Application event viewer logs for 911 events, to investigate where the detection is coming from. If you determine that this is coming from a legitimate application that you use in your organization, you can Allow these to keep these detections from occurring; otherwise, if the detection is coming from an unknown source, you don't have to do anything as Sophos is already blocking it.
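The event log check described in the reply above, as an added example that is not part of the original thread or Sophos's own tooling: it pulls Application log events with ID 911 from several computers and flags those whose text mentions the executable named in the alert. The host names and the 14-day window are placeholders, and remote event log access to the listed computers is assumed to be permitted.

```powershell
# Added example. Computer names below are placeholders (assumption):
# replace them with the machines that raised the alert.
$Computers = @('PC-EXAMPLE-01', 'PC-EXAMPLE-02')
$Since     = (Get-Date).AddDays(-14)          # assumed look-back window
$Needle    = 'FlashPlayerUpdateService.exe'   # executable named in the alert

$results = foreach ($computer in $Computers) {
    try {
        # Application log, event ID 911, as suggested in the reply
        Get-WinEvent -ComputerName $computer -FilterHashtable @{
            LogName   = 'Application'
            Id        = 911
            StartTime = $Since
        } -ErrorAction Stop | ForEach-Object {
            [pscustomobject]@{
                Computer    = $computer
                TimeCreated = $_.TimeCreated
                Provider    = $_.ProviderName
                # True when the event text references the flagged executable
                MentionsExe = [bool]($_.Message -like "*$Needle*")
                Message     = $_.Message
            }
        }
    }
    catch {
        # Get-WinEvent raises an error when nothing matches or the host
        # cannot be reached; report it and continue with the next host.
        Write-Warning "${computer}: $($_.Exception.Message)"
    }
}

# Full detail per event, oldest first, for reading the detection text
$results | Sort-Object Computer, TimeCreated |
    Format-List Computer, TimeCreated, Provider, MentionsExe, Message

# Per-computer count by event source, to see where detections cluster
$results | Group-Object Computer, Provider | Select-Object Count, Name
```

The Provider column shows which source wrote each 911 event, which matters because the filter is by log and ID only and other software may use the same ID.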
In reply to DianneY:
Thanks so much for your assistance.
In reply to Sophos User1524:
Hi Sophos User1524
You're welcome. Please reach out to us for any further concerns.