JP Duvillard

  1. Enpass has been the recommended Password Manager in our company for a couple of years now, so it's installed on a few Desktops and Mobile phones. Yesterday and today, some of our desktops have been flagged by CrowdStrike and the EnpassStartup.exe has been quarantined. Here is some of the reported data from CrowdStrike:

     ACTIONS TAKEN: Process blocked, File quarantined
     SEVERITY: Low
     OBJECTIVE: Falcon Detection Method
     TACTIC & TECHNIQUE: Machine Learning via Cloud-based ML
     TECHNIQUE ID: CST0008
     SPECIFIC TO THIS DETECTION: This file meets the File Analysis ML algorithm's low-confidence threshold for malware.
     TRIGGERING INDICATOR: Associated IOC (SHA256) 60456913d5f80b7793b213c6ca47e801c781698d7a162727862b65523c9eacd9
     GLOBAL PREVALENCE: Common
     LOCAL PREVALENCE: Common
     HASH PREVENTION ACTION: None
     Associated File: \??\C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe
     COMMAND LINE: "C:\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe"
     FILE PATH: \Device\HarddiskVolume2\Program Files\WindowsApps\SinewSoftwareSystems.EnpassPasswordManager_6.50.700.0_x86__fwdy0m65qb6h2\EnpassStartup\EnpassStartup.exe