cancel
Showing results for 
Search instead for 
Did you mean: 

What is “JTI/Suspect.131328” from McAfee?

Using McAfee Endpoint Security 10.6 on Windows 10 it is the second time I got the:

warning.png

Warning.

I cannot find anything related to it while Googling around: "JTI/Suspect.131328"

The question: is this a false alert? Or not?

1 Reply
Highlighted
Reliable Contributor ninov_n
Reliable Contributor
Report Inappropriate Content
Message 2 of 2

Re: What is “JTI/Suspect.131328” from McAfee?

Hello,

Such events sometimes could be addressed as False-Positive but it depends on the exact threat details:

Similar detections

You can find some additional details in below article:

How to identify what rule corresponds to an Adaptive Threat Protection and Threat Intelligence Excha...

JTI means that it comes from a reputational/behavioral check of that scanner part of Adaptive Threat Protection.

If you share all details of that threat event, we can take a look and find out what exactly happened.

Most probably CMD executed suspicious/malicious command within the System32 folder which is important system storage.

In case above information was useful or answered your question, please select "Accept as Solution" in my reply, or give a Kudo. Thanks!
Nino