Raynor Posted October 6, 2021 Report Share Posted October 6, 2021 For quite some time now, I've been seeing heaps of false "Incidents" displayed in the management console's incidents panel. "msedge.exe", "rundll32.exe" and "winword.exe" are listed as having shown "suspicious behaviour" or "blocked activity". Please note that these are definitely the normal, valid, non-infected executables running on various non-infected PCs in our company network. See attached Screenshot. It seems to me that the incident reporting is a bit overzealous... 🤨 I know that especially "rundll32.exe" can be abused by malware, but this is all fake stuff. The PCs are clean, run-of-the-mill office PCs. Any insights on this? Thanks! Rayonr Link to comment Share on other sites More sharing options...
Frank H Posted October 6, 2021 Report Share Posted October 6, 2021 hi @Raynor we will check Link to comment Share on other sites More sharing options...
Raynor Posted October 6, 2021 Author Report Share Posted October 6, 2021 Thanks, PM sent. Link to comment Share on other sites More sharing options...
ShadowPuterDude Posted November 5, 2021 Report Share Posted November 5, 2021 Thread Closed Link to comment Share on other sites More sharing options...
Recommended Posts