10-11-2021 03:37 PM
Hello LiveCommunity, I wondered if any others are seeing a very high number of recently created (in the last few hours) "Memory Corruption Exploit" alerts in Cortex XDR?
Beginning around 1015 Pacific this morning (11 Oct) thru as recent at 1518 Pacific, 11 Oct there has been numerous alerts fired across many different Workstations
Seeing many different Initiator Paths such as:
C:\Windows\System32\spoolsv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
I thought perhaps it was a Content update, but does not look like there has been a new content update since sometime last week.
10-12-2021 02:57 PM
Hello,
In this case, I would recommend opening a support case if you have concerns that this being a false positive. The support team can assist you to further investigate what behavior changed, in the meantime, you have the option to suppress these alerts.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
