I need a solution
This might be a basic question but I'm not really a security expert. SEP has flagged powershell.exe on a user's computer so they sent me the ticket (I'm desktop support) and I'm not sure if I should worry or what the appropriate action should be. I tried searching on Google but didn't find an answer. I copied the notes I have below. Thanks.
Risk name: SONAR.AM.PS!g1
File path: c:\windows\system32\windowspowershell\v1.0\powershell.exe
Event time: Aug 13, 2019 11:04:49 AM
Database insert time: Aug 16, 2019 3:38:42 PM
Source: Heuristic Scan
Description:
User: SYSTEM
Computer: Computername
IP Address: xxx.xxx.xx.xxx
Domain: Default
Server: Server
Client Group: My Company\AWclients
Action taken on risk: Access denied