We recently migrated from VSE 8.8 to ENS 10.5.3 and now I am getting thousands of false positives such as:
NT AUTHORITY\SYSTEM ran CSCRIPT.EXE, which tried to access C:\WINDOWS\TEMP, violating the rule "Executing scripts by Windows script host (CScript.exe or Wscript.exe) from common user folders", and was blocked. For information on how to respond to this event, see KB85494.
Source File Path:
My question is how to exclude this so it won't alert on this anymore? I looked into configuration guide and I just dont think exclusions work for me.. 😞
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.