This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
规则名称为 "bioc.vulnerable_driver_dropped_$name "的BTP警报是否为假阳性检测?
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- 简体中文 Simplified Chinese Community
- Strata
- Configuration and Deployment
- 配置和实施
- 规则名称为 "bioc.vulnerable_driver_dropped_$name "的BTP警报是否为假阳性检测?
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report This Content
juzhang
L2 Linker
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report This Content
on 01-19-2023 03:53 AM
No ratings
总结:
这篇文章描述了BTP警报的情况,它的规则名称如下。
bioc.vulnerable_driver_dropped_$name
bioc.sync.vulnerable_driver_loaded_$name
bioc.sync.vulnerable_driver_by_original_name_loaded_$name
bioc.sync.vulnerable_driver_by_signer_name_loaded_$name
bioc.sync.malicious_driver_by_signer_name_loaded_$name
bioc.sync.malicious_driver_by_original_name_loaded__$name
环境:
- Cortex XDR for Windows
- Behavioral Threat Protection (BTP)
答案:
这不是一个假阳性检测。
这是一个易受攻击的驱动程序,正在被客户机器上的一个应用程序使用。所以我们阻止了它。
这个驱动程序可以被攻击者滥用,以获得权限的提升。
注意:如果一个规则名称有这些内容,它不是一个假阳性。它们也是由有漏洞的驱动文件引起的。
bioc.vulnerable_driver_dropped_$name
bioc.sync.vulnerable_driver_loaded_$name
bioc.sync.vulnerable_driver_by_original_name_loaded_$name
bioc.sync.vulnerable_driver_by_signer_name_loaded_$name
bioc.sync.malicious_driver_by_signer_name_loaded_$name
bioc.sync.malicious_driver_by_original_name_loaded__$name
Rate this article:
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks