Another week, another BTP quirk: Behavioral threat detected (rule: sync.enable_safemode_on_next_reboot) spawned from VEEAM

We are observing VEEAM VeeamTransportSvc.exe being blocked by BTP and, thus, preventing backups from being started.


We are working on a temporary fix excluding path and cgo and the like, but this is the second week in a row that content updates are screwing, this time impacting operations.

Already filed a support case.

BR

55 REPLIES

Content Update 650-11758 has worked for us, but we had to restart services as per this list from @jturner_storm7:

net stop "System Event Notification Service" /y
net start "System Event Notification Service"
net stop "Background Intelligent Transfer Service" /y
net start "Background Intelligent Transfer Service"
net stop "COM+ Event System" /y
net start "COM+ Event System"
net stop "Microsoft Software Shadow Copy Provider" /y
net start "Microsoft Software Shadow Copy Provider"
net stop "Volume Shadow Copy"
net start "Volume Shadow Copy"
net start "System Event Notification Service"
net start "DFS Replication"
net start "DHCP Server"

My colleagues shortened this by restarting "COM+ Event System" and letting that restart all the dependent services.

With the CU and this restart our backups are now working.

Here also the content 650-11758 resolved the issue; in our situation there was no need to restart services after the new content was active to get the Veeam job going again.

The Veeam Backups are working again with Content Update 650-11758. (Backups from the VM Servers with Veeam and Veeam Backup Agent for physical servers)

I'm still getting many alerts from

Vulnerable driver 'WinRing0.sys' was loaded to the system - Behavioral threat detected (rule: sync.vulnerable_driver_loaded_WinRing0.sys)

and my CU is 650-11758

This is a stupid CU.

I'm also getting this; it turns out it's Atera Agent causing the problem for me, and I have not been able to verify if it is a genuine threat or not.
