Add new Event IDs for virus/tamper matches #718
Commits on Jul 2, 2020
-
Add new Event IDs for virus/tamper matches
xample logs... 2020 Jul 01 14:29:17 WinEvtLog: Application: ERROR(51): Symantec AntiVirus: SYSTEM: NT AUTHORITY: agent123: Security Risk Found! signature123 in File: c:\windows\system32\windowspowershell\v1.0\powershell.exe by: scan scan. Action: . Action Description: Access Denied 2020 Jul 01 14:08:20 WinEvtLog: Application: INFORMATION(45): Symantec AntiVirus: SYSTEM: NT AUTHORITY: agent123: Scan type: Tamper Protection Scan Event: Tamper Protection Detection Security risk detected: C:\PROGRAM FILES (X86)\THING\THING.EXE File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3897.1101.105\Bin\ccSvcHst.exe Location: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3897.1101.105\Bin Computer: AGENT123 User: SYSTEM Action taken: Access denied Date found: 01 July 2020 14:08:20
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.