Open joshnck opened 1 year ago
If that is a crowdstrike alert (no idea how I though of this ahem ahem ahem cough cough) then it's not related to this specific path, there's a DCOM operation in the raw eam2 telemetry (splunk events) with a GUID pointing to one specific operation which touches the VSS services. they (CS) generate a bunch of FP these days with that. their web UI is really confusing and does not show anywhere this critical piece of information, you have to dig down int the splunk telemetry data. also, we're hiring.