FlashPlayerUpdateService.exe

Question

Hi, 
 
 Recently I received a message about a handful of computers with the following message and I am wondering what action(s) I need to take, if any: 
 
 What happened: We prevented a privilege escalation exploit in C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe. This type of exploit gives an application access to resources it shouldn&rsquo;t have. 
 Path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 
 What was detected: PrivGuard 
 How severe it is: High 
 What Sophos has done so far: We prevented the privilege escalation and ran a scan to clean up the computer. 
 What you need to do: Investigate the cause of the alert. When you are sure the system is clean, acknowledge the alert.\ 
 
 Thank you.

DianneY · Accepted Answer

Hello Sophos User1524 
 Please go through this document regarding PrivGuard/CredGuard detections . 
 You can check Application event viewer logs for 911 events, to investigate where the detection is coming from. If you determine that this is coming from a legitimate application that you use in your organization, you can Allow these to keep these detections from occurring; otherwise, if the detection is coming from an unknown source, you don't have to do anything as Sophos is already blocking it.