cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Troubleshooting DAC Unknown file is contained.

Jump to solution

I have been seeing some strange Threat Event entries for a particular server. My ENS 10.7 DAC settings are default (Trigger Dynamic Application Containment when reputation threshold reaches:
Might be Malicious) and no rule name is referenced. I am puzzled as to why the file is being contained by DAC. Is there any additional troubleshooting options that I can utilize?

The message is: Description: Adaptive Threat Protection ran the Microsoft.PowerShell.Commands.Utility.ni.dll application in a container because its reputation (Unknown) is below the configured containment threshold.

Threat Name: ATP/Suspect!fba6935314a0
Threat Type: Dynamic Application Containment
Source File Path: C:\Windows\System32\WindowsPowerShell\v1.0
Target Name: Microsoft.PowerShell.Security.ni.dll
Threat Source Process Name: powershell.exe
Threat Target Process Name: Microsoft.PowerShell.Commands.Utility.ni.dll

Thank you.

1 Solution

Accepted Solutions
Tares1
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Troubleshooting DAC Unknown file is contained.

Jump to solution

Hello @Former Member

Thank you for reaching the support community.

If the issue is reproducible I recommend enabling debug logging on ENS ATP and opening a support case for analysis of the event.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Tiago A

View solution in original post

1 Reply
Tares1
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 2

Re: Troubleshooting DAC Unknown file is contained.

Jump to solution

Hello @Former Member

Thank you for reaching the support community.

If the issue is reproducible I recommend enabling debug logging on ENS ATP and opening a support case for analysis of the event.

 

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Tiago A

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community