- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
Hi @Balaraju You'll need to take a look at the alert itself, and investigate through the Causality Chain to identify the DLL that is being tried to load. You will see a process that is trying to load the DLL for each alert.
Next, look at your Exploit profile applied to the endpoint/set of endpoints. You probably have a list of DLL's blocked in the Profile configuration.
The configuration of that setting determines if the attack is disabled, reported or prevented.