It finds it, we had it.
Can Microsoft confirm if SCEP 2012 protects against the SolarWinds hack:
=====================================================================================================
Process Information
file_operation_closed
file-path*: “c:\windows\syswow64\netsetupsvc.dll
actor-process:
pid: 17900
Windows Defender Exploit Guard log entries: (Microsoft-Windows-Security-Mitigations/KernelMode event ID 12)
Process”\Device\HarddiskVolume2\Windows\System32\svchost.exe” (PID XXXXX) would have been blocked from loading the non-Microsoft-signed binary
‘\Windows\SysWOW64\NetSetupSvc.dll’
Hey @Intranomics, do you happen to know, and can you share, the hash of this particular file? I haven't seen it anywhere and it would be extremely handy. Cheers.
Frank
Apparently it’s a possible false positive.
Will confirm today.
Cheers,
Steven
Hey Steven,
Did you have a chance to check that? Unfortunately, I've still not been able to find any confirmation elsewhere.
Thanks!
SolarWinds says it’s a false positive.
Unfortunately it all remains a big mess.
No thorough confirmation.
I see, thank you very much for checking!