Environment
- Endpoint Standard (formerly CB Defense) Web Console: All Versions
- Endpoint Standard Sensor: All Versions
- Policy Action blocks with TTP: HAS_SCRIPT_DLL
Question
What rule is causing blocks due to a Deny operation or Terminate process policy action, with the TTP 'HAS_SCRIPT_DLL'?
Answer
The TTP 'HAS_SCRIPT_DLL' can be linked to the 'Invokes a command interpreter', 'Scrapes memory of another process' or the 'Injects code or modifies memory of another process' Operation Attempt of a policy rule
Additional Notes
Related Content