Module Name: Threat Prevention
Analyzer Content Version: 10.6.0.9845
Analyzer Rule ID: 6148
Analyzer Rule Name: Malware Behavior : Windows EFS abuse
We are seeing multiple detections/blocks on an executable accessing the following path:
The rule was introduced on Jan 18th 2020 and is set to block and report. Is the recommendation from McAfee to remain in block or is it to write a specific exclusion?
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.