Who Me Too'd this topic

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

Windows Shell Remote Code Execution Vulnerability


We are updating february hotfix on ENS and and we are getting the following alert from ePO:

Event Category:'File' class or access
Event ID:18060
Threat Severity:Critical
Threat Name:Windows Shell Remote Code Execution Vulnerability
Threat Type:Exploit Prevention
Action Taken:Would block
Threat Handled:TRUE
Analyzer Detection Method:Exploit Prevention
Events received from managed systems 
Event Description:Exploit Prevention Files/Process/Registry violation detected


We have update 950 systems so far and getting this alert from around 200 systems after the hotfix is installed.

In all cases the source process name is winword, powerpoint, excel exes and the threat target file path is C:\USERS\*username*\APPDATA\LOCAL\TEMP\DEPLOYMENT.

Is anyone experienced this issue?

Thank you for your answers.

Best Regards



Who Me Too'd this topic

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community