We have seen this alert triggering more often since last week for different causes. For example, we have an in-house developed application that launches chrome and Cortex triggers the rule: virtual_protect_hide_rwx based on this action. Any ideas if this was added lately?
The reason why it triggers on opening chrome is because the chrome process will do some memory injections itself.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!