Does Defender store or host threats within the appliance?

Rachelle Worrall 1 Reputation point
2022-01-27T15:43:38.417+00:00

I have recently come across some very abnormal activity; however, it wasn't my antivirus or Defender that caught this. I am struggling to even narrow it down to the specific sources or files where these messages are embedded. Throughout my findings it's calling out various threat names, registry key changes, file directories, mutated strings, and attempts to hide items in the Recycle Bin and temp folders. I did look at the workstation in question, trying to match up registry keys against another to make sure nothing there was changed, but I am at a complete loss on what could cause this and where it's living.

WS in question: Windows 10 64 bit machine 1909

I am wondering what type of data Defender uses or stores in order to find potential threats on an endpoint? Could it be my Defender or another antivirus file causing these flags? Any tips are appreciated.

Example text found in a deep packet inspection:
