
Fake "Incidents" for Microsoft Edge / Winword / Rundll32



For quite some time now, I've been seeing heaps of false "Incidents" displayed in the management console's incidents panel. "msedge.exe", "rundll32.exe" and "winword.exe" are listed as having shown "suspicious behaviour" or "blocked activity". Please note that these are definitely the normal, valid, non-infected executables running on various non-infected PCs in our company network. See attached screenshot.

It seems to me that the incident reporting is a bit overzealous... 🤨 I know that especially "rundll32.exe" can be abused by malware, but this is all fake stuff. The PCs are clean, run-of-the-mill office PCs.

Any insights on this?





This topic is now closed to further replies.
