Hello everyone, I am new to the community. I have the following question: In the Sophos management console I have the following alert. I would like your support to resolve this incident, or is it a false positive?
Attached the details:
Description
Safe Browsing has detected that the Google Chrome browser is in danger
Workstation Type: Computer
OS: Windows
User: jose jose
Device: xx-xxx
Ransomware:
amily_id:
mitigation: Intruder
process_version: 88
thumbprint:
type: Intruder
process_pid:
version:
uid:
app_name: Google Chrome
process_alias_path: $programfiles\Google\Chrome\Application\chrome.exe
process_name: Google Chrome
details: Intruder
Platform 6.3.9600 / x64 v523 06_3a-
PID 2900
Enabled
Silent 0020000000000100
Application C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Created 2017-06-07T23:58:59
Modified 2021-01-21T03:18:26
Description Google Chrome 88
Loaded Modules (103)
Good morning! Do you have any Threat Cases generated as a result of this? Sometimes that will give you more information on what occurred.
Since it is indicating it is ransomware, it is possible that Chrome was detected rapidly writing/encrypting/changing files on the computer.