Hello,
I am a new Sophos user and appreciate any help with this that you may be able to offer. When starting up Chrome we get the following message:
"An attempt to exploit an application vulnerability was prevented"
I don't know if this is something legit with Chrome that Sophos is detecting as a possible malicious attempt, or if it is an exploit. If it is malware, how do I remove it from the cpu, as the software scanning is not taking care of it?
Here are the details that are listed with the "intercepted attack" prompt:
Mitigation Lockdown
Platform 10.0.17763/x64 v508 06_9e
PID 6788
Application C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Description Google Chrome 75
Operation SetValueKey
Key \REGISTRY\USER\S-1-5-21-224820651-3658889247-3281666078-1001\Software\Microsoft\Windows\CurrentVersion\Run\
Value Name GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2
Value "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
Process Trace
1 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [6788]
2 C:\Windows\explorer.exe [9408]
3 C:\Windows\System32\userinit.exe [13032]
4 C:\Windows\System32\winlogon.exe [12896]
C:\WINDOWS\System32\WinLogon.exe -SpecialSession
5 C:\Windows\System32\smss.exe [5980]
\SystemRoot\System32\smss.exe 000000fc 00000084 C:\WINDOWS\System32\WinLogon.exe -SpecialSession
Thumbprint
d189073d28c1f44e5d23487b8948cc9fbca0145735aacf977438518b7e093e7a
Data based thumbprint
02dbe3586176e662b21a60b64f262d365befebf421bf1596c16cf7fc8d864fde
Thanks again for any help!