Using LogMeIn Rescue Generates an Investigation

I use LogMeIn Rescue to support remote PCs. Last week, Sophos EDR started generating an Investigation after each use. Has anyone else seen this or have any insight?

Initial Detection: WIN-MITRE-Behavioral-TA0005-T1562.009

Risk 6

Category: Classifier

MITRE ATT&CK: Defense Evasion



Added TAGs
[edited by: Gladys at 3:35 PM (GMT -7) on 24 Mar 2023]
  • Hi, I am the PM for XDR:   

    It looks like the XDR behavior detection is accurately triggering the detection and creating the investigation. 

    To address these and other 'noise', where a suspect activity is being performed for legitimate reasons, we will be adding custom suppression rules so that the admin can triage the detection and set a rule to suppress notification for the specific activity going forward.

    I expect that customer-defined suppression of detections will be available in the product this summer/fall.
