SolarWinds Vulnerability SCEP 2012 Protection: Behavior:Win32/Solorigate.C!dha

JH 136 Reputation points

Can Microsoft confirm if SCEP 2012 protects against the SolarWinds hack:!dha&ThreatID=2147771132


Mitigation: FireEye has provided two Yara rules to detect TEARDROP available on our GitHub. Defenders should look for the following alerts from FireEye HX: MalwareGuard and WindowsDefender:

Process Information

file-path*: “c:\windows\syswow64\netsetupsvc.dll”
pid: 17900

Windows Defender Exploit Guard log entries: (Microsoft-Windows-Security-Mitigations/KernelMode event ID 12)

Process “\Device\HarddiskVolume2\Windows\System32\svchost.exe” (PID XXXXX) would have been blocked from loading the non-Microsoft-signed binary

Windows Server Security
Microsoft Configuration Manager
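
One way to search endpoints for the Exploit Guard log entry quoted in the question, as an added example that is not part of the original post or of FireEye's guidance. It queries the Microsoft-Windows-Security-Mitigations/KernelMode log for event ID 12 and keeps events whose message mentions netsetupsvc.dll; the function name, the 90-day window and the assumption that the message text names the blocked binary are assumptions of this example.

```powershell
# Added example: hunt for the Exploit Guard event (ID 12) quoted in the question.
# Assumption: the event message text names the binary that would have been blocked.
$LogName  = 'Microsoft-Windows-Security-Mitigations/KernelMode'
$EventId  = 12
$FileName = 'netsetupsvc.dll'   # file name from the file-path quoted in the question

function Find-BlockedLoadEvent {   # hypothetical helper name
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [datetime]$Since = (Get-Date).AddDays(-90)   # look-back window is an assumption
    )
    foreach ($computer in $ComputerName) {
        try {
            $events = Get-WinEvent -ComputerName $computer -FilterHashtable @{
                LogName = $LogName; Id = $EventId; StartTime = $Since
            } -ErrorAction Stop
        } catch {
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                # The log exists but holds no ID 12 events in the window. This is
                # only meaningful if the mitigation was auditing on that host.
                Write-Verbose "${computer}: no event ID $EventId since $Since"
            } else {
                # Log missing, access denied, host unreachable, and so on.
                Write-Warning "${computer}: $($_.Exception.Message)"
            }
            continue
        }
        # -match is case-insensitive, so any casing of the file name is caught.
        $events |
            Where-Object { $_.Message -match [regex]::Escape($FileName) } |
            Select-Object @{ n = 'Computer'; e = { $computer } },
                          TimeCreated, Id, Message
    }
}

# Local host by default; pass -ComputerName for a list of servers.
Find-BlockedLoadEvent -Verbose | Format-List
```
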

Accepted answer
  1. JH 136 Reputation points

    It finds it, we had it.


2 additional answers

  1. Youssef Saad 3,401 Reputation points

    Hi @JH ,

    Maybe this blog will help you:


    Youssef Saad | New blog:
    Please remember to **“Accept answer”** for useful answers, thank you!


  2. JH 136 Reputation points

    Thanks, but I already have all of that data.

    There is no confirmation if SCEP 2012 protects against this that I have found.
