Query Regarding Real Time Windows Defender Alert

  • Thread starter Thread starter BalajiRavichandran
  • Start date Start date
B

BalajiRavichandran

Guest
Hi Alert,


I manage Antivirus for a company. We use Windows Defender AV. Our OS are Win 10 v1809.


I am getting alerts from machines, where I can see my user ID in the logs, but actually I didnt login those machine at the time of infection.


Alert:-


Detection time(UTC time): 4/26/2020 3:04:55 PM Malware file path: file:_C:\Users\mark.bowlin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\grammarly-keyboard-type-with-confidence_3014778243 (1).exe;webfile:_C:\Users\mark.bowlin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\grammarly-keyboard-type-with-confidence_3014778243 (1).exe|balaji.shanmugavel%40capitalone.com%7C9ba54c461d874e42dc8f08d7e9f39f67%7C9e66e0b4768c4506a1b67e44c80595f2%7C0%7C0%7C637235104869506941&sdata=hMf1zUXuhNOubK5FGzn9nPreOQwLh%2Fja645pp3sKxa0%3D&reserved=0

Remediation action: Remove


Action status: Succeeded

If I decode the URL part in the log message I can get something like this:-

[/URL]*** Email address is removed for privacy ***|9ba54c461d874e42dc8f08d7e9f39f67|9e66e0b4768c4506a1b67e44c80595f2|0|0|637235104869506941&sdata=hMf1zUXuhNOubK5FGzn9nPreOQwLh/ja645pp3sKxa0=&reserved=0

I can see similar alerts in multiple machines. Can you please explain what is going on?

More...
 
Back
Top