Target Parent Process Hash: 1bb97e45d30d6884217b70e215591f97
Target Name: IEXPLORE.EXE
Target Path: C:\PROGRAM FILES (X86)\INTERNET EXPLORER
Target File Size (Bytes): 815312
Target Modify Time: 9/9/17 3:47:21 AM
Target Access Time: 11/6/17 8:17:32 AM
Target Create Time: 11/6/17 8:17:32 AM
API Name: InternetReadFile
First Action Status: Not available
Second Action Status: Not available
Description: ExP:Invalid Call was detected as an attempt to exploit C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE called from module MCIEPLUGIN.DLL, which targeted the InternetReadFile API. It wasn't blocked because Exploit Prevention was set to Report Only.
Attack Vector Type: Local System
As far as I discovered, that's not really a threat and can be excluded. So I went to the exploit prevention policies and looked for Rule ID 6015. I found it, but it's disabled and wasn't set to report or block.
So I created this exclusion, but it won't work, I still get those events. What am I doing wrong here?
How can I exclude this certain type of threat? Is there a best practice guide for handling such events?