
Endpoint Standard: What rule is causing policy action blocks with the TTP: HAS_SCRIPT_DLL?

Environment

  • Endpoint Standard (formerly CB Defense) Web Console: All Versions
  • Endpoint Standard Sensor: All Versions
  • Policy Action blocks with TTP: HAS_SCRIPT_DLL

Question

What rule is causing blocks due to a Deny operation or Terminate process policy action, with the TTP 'HAS_SCRIPT_DLL'?

Answer

The TTP 'HAS_SCRIPT_DLL' can be linked to the 'Invokes a command interpreter', 'Scrapes memory of another process', or 'Injects code or modifies memory of another process' Operation Attempt of a policy rule.

Article Information
Creation Date: 09-09-2020