As the below picture says, ENS has detected "RemAdm-Rackspace", which seems to be a Remote Admin Tool, and it has also created several Registry values. The ENS on the affected system is somehow corrupt, since when clicking on the Scan System button it completes instantly with no scanning. Also, the machine encounters unexpected reboots (Windows Event ID 41). So far 5 machines are reacting the same way.
A full scan is running on every machine in the network.
My first question is whether we should be worried about the rest of the network, because although ENS has detected the issue, the machine has been damaged.
And secondly, how can I view the quarantined items list from ePO?
Thank you for your post. In case of an active attack such as this, we strongly recommend that you contact the support team via a Service Request to analyse the damage to ENS and confirm if it is the work of malware.
It is best to review the Self protection policy in place and come up with an access protection rule to block this file from further execution as we see that it has impacted 5 machines already. Please create a support ticket with us for further investigation as soon as possible.