Controlled Application Blocked - Location

Hi all,

We got a notification that a controlled application (ScreenConnect) was blocked on one of our servers. Is there anyway to identify the location of exe or application which caused this?

I used the Threat Analysis Service and searched for the process name using the contains attribute but nothing showed uo

Parents

0 Harshil_S 3 hours ago

Hello DavidGorman

If you have the XDR License, then you can use the "Windows Programs" query which is present in the Live Discover section. This query will share you the results of the installed applications used by the windows installer. You can give it a try and you may find the install locations of the ScreenConnect application from this query,

Best Regards,

Harshil Shah | Technical Support Engineer | SOPHOS
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Harshil_S 3 hours ago

Hello DavidGorman

If you have the XDR License, then you can use the "Windows Programs" query which is present in the Live Discover section. This query will share you the results of the installed applications used by the windows installer. You can give it a try and you may find the install locations of the ScreenConnect application from this query,

Best Regards,

Harshil Shah | Technical Support Engineer | SOPHOS
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data