I need a solution
Hi all. I often see these with customer systems, via SEP 12, 14, SEPC, and SEP SBE deployments. I always wonder - do they indicate that a system compromise occurred and somebody dumped active malware onto the computer, having bypassed endpoint security, or, because of the fact that it is a script and is likely launched via visiting a website, it's just showing a file path that scripts normally end up in when they try to launch. Sorry, early in the morning, may not be wording myself correctly. Here's a path to a sample detection found this morning:
\users\username\appdata\local\packages\microsoft.microsoftedge_8wekyb3d8bbwe\ac\#!001\microsoftedge\cache\efg5451j\script[2].jsoc (I put "jsoc" at the end, replacing .js, just in case this post gets filtered).
So is this a script a website tried to store or launch, or does it mean someone already bypassed security and placed a script in a local file path? Thanks very much.