Closed celalettin-turgut closed 5 days ago
4d7cda18-1b12-4e52-b45c-d28653210df8
ActionType:ProcessCreated FileName: fltMC.exe FolderPath: C:\Windows\System32\fltMC.exe ProcessCommandLine: fltmc.exe unload DFMFilter InitiatingProcessFileName:DCFAService64.exe InitiatingProcessCommandLine: DCFAService64.exe -stop DFMFilter InitiatingProcessFolderPath: c:\program files (x86)\manageengine\uems_agent\bin\dcfaservice64.exe InitiatingProcessParentFileName: dcconfig.exe
Legitimate behaviour from manageengine. Log has been extracted from Microsoft Defender
Will be fixed in #4872
nasbench
commented
5 days ago nasbench
commented
5 days ago
Rule UUID
4d7cda18-1b12-4e52-b45c-d28653210df8
Example EventLog
ActionType:ProcessCreated FileName: fltMC.exe FolderPath: C:\Windows\System32\fltMC.exe ProcessCommandLine: fltmc.exe unload DFMFilter InitiatingProcessFileName:DCFAService64.exe InitiatingProcessCommandLine: DCFAService64.exe -stop DFMFilter InitiatingProcessFolderPath: c:\program files (x86)\manageengine\uems_agent\bin\dcfaservice64.exe InitiatingProcessParentFileName: dcconfig.exe
Description
Legitimate behaviour from manageengine. Log has been extracted from Microsoft Defender