topic Azure Windows Defender alerted to Phonzy.A!ml in VM-Series in the Public Cloud https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/azure-windows-defender-alerted-to-phonzy-a-ml/m-p/590948#M2208 <P>Getting an alert from Azure defender and unable to find any reference regarding the alert in the community sections.&nbsp;</P> <P>&nbsp;</P> <DIV id="fxc-gc-cell-content_1_0" class="fxc-gc-cell fxc-gc-columncell_1_0" role="gridcell" aria-readonly="true"> <DIV class="fxc-gc-text">pps_parport.ko&nbsp; &nbsp;<SPAN>/usr/lib/modules/4.18.0-80.11.2.10.pan.x86_64/kernel/drivers/pps/clients</SPAN></DIV> <DIV class="fxc-gc-text">&nbsp;</DIV> <DIV class="fxc-gc-text"><SPAN><SPAN><SPAN>'Phonzy' malware was detected (Agentless)</SPAN></SPAN></SPAN></DIV> <DIV class="fxc-gc-text"> <DIV id="fxc-gc-cell-content_4_0" class="fxc-gc-cell fxc-gc-columncell_4_0" role="gridcell" aria-readonly="true"> <DIV class="fxc-gc-text">Trojan:Script/Phonzy.B!ml</DIV> </DIV> <DIV id="fxc-gc-cell-content_4_1" class="fxc-gc-cell fxc-gc-columncell_4_1" role="gridcell" aria-readonly="true"> <DIV class="fxc-gc-text">Trojan</DIV> </DIV> <DIV id="fxc-gc-cell-content_4_2" class="fxc-gc-cell fxc-gc-columncell_4_2" role="gridcell" aria-readonly="true"> <DIV class="fxc-gc-text">pps_parport.ko</DIV> </DIV> </DIV> <DIV class="fxc-gc-text">&nbsp;</DIV> <DIV class="fxc-gc-text">has anyone seen this and is this a result of the CVE issue?&nbsp;</DIV> <DIV class="fxc-gc-text">&nbsp;</DIV> </DIV> Tue, 02 Jul 2024 15:40:50 GMT Keough 2024-07-02T15:40:50Z Azure Windows Defender alerted to Phonzy.A!ml https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/azure-windows-defender-alerted-to-phonzy-a-ml/m-p/590948#M2208 <P>Getting an alert from Azure defender and unable to find any reference regarding the alert in the community sections.&nbsp;</P> <P>&nbsp;</P> <DIV id="fxc-gc-cell-content_1_0" class="fxc-gc-cell fxc-gc-columncell_1_0" role="gridcell" aria-readonly="true"> <DIV class="fxc-gc-text">pps_parport.ko&nbsp; &nbsp;<SPAN>/usr/lib/modules/4.18.0-80.11.2.10.pan.x86_64/kernel/drivers/pps/clients</SPAN></DIV> <DIV class="fxc-gc-text">&nbsp;</DIV> <DIV class="fxc-gc-text"><SPAN><SPAN><SPAN>'Phonzy' malware was detected (Agentless)</SPAN></SPAN></SPAN></DIV> <DIV class="fxc-gc-text"> <DIV id="fxc-gc-cell-content_4_0" class="fxc-gc-cell fxc-gc-columncell_4_0" role="gridcell" aria-readonly="true"> <DIV class="fxc-gc-text">Trojan:Script/Phonzy.B!ml</DIV> </DIV> <DIV id="fxc-gc-cell-content_4_1" class="fxc-gc-cell fxc-gc-columncell_4_1" role="gridcell" aria-readonly="true"> <DIV class="fxc-gc-text">Trojan</DIV> </DIV> <DIV id="fxc-gc-cell-content_4_2" class="fxc-gc-cell fxc-gc-columncell_4_2" role="gridcell" aria-readonly="true"> <DIV class="fxc-gc-text">pps_parport.ko</DIV> </DIV> </DIV> <DIV class="fxc-gc-text">&nbsp;</DIV> <DIV class="fxc-gc-text">has anyone seen this and is this a result of the CVE issue?&nbsp;</DIV> <DIV class="fxc-gc-text">&nbsp;</DIV> </DIV> Tue, 02 Jul 2024 15:40:50 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/azure-windows-defender-alerted-to-phonzy-a-ml/m-p/590948#M2208 Keough 2024-07-02T15:40:50Z Re: Azure Windows Defender alerted to Phonzy.A!ml https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/azure-windows-defender-alerted-to-phonzy-a-ml/m-p/590983#M2209 <P>Hi <SPAN style="color:var(--ck-color-mention-text);"><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/338152">@Keough</a></SPAN> ,</P><P>&nbsp;</P><P>I am also unable to find references regarding this. Are there additional details to the alert? Did they provide a hash? I would recommend creating a case with MS Defender to understand the nature of this detection. &nbsp;You can also compare the verdict with another vendor as well and enter it into WF.&nbsp;</P><P>&nbsp;</P> Wed, 03 Jul 2024 05:45:32 GMT https://live.paloaltonetworks.com/t5/vm-series-in-the-public-cloud/azure-windows-defender-alerted-to-phonzy-a-ml/m-p/590983#M2209 JayGolf 2024-07-03T05:45:32Z