FlashPlayerUpdateService.exe

Hi,

Recently I received a message about a handful of computers with the following message and I am wondering what action(s) I need to take, if any:

What happened: We prevented a privilege escalation exploit in C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe. This type of exploit gives an application access to resources it shouldn’t have.

Path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

What was detected: PrivGuard

How severe it is: High

What Sophos has done so far: We prevented the privilege escalation and ran a scan to clean up the computer.

What you need to do: Investigate the cause of the alert. When you are sure the system is clean, acknowledge the alert.

Thank you.



This thread was automatically locked due to age.
  • Hello  

    Please go through this document regarding PrivGuard/CredGuard detections.

    You can check Application event viewer logs for 911 events, to investigate where the detection is coming from. If you determine that this is coming from a legitimate application that you use in your organization, you can Allow these to keep these detections from occurring; otherwise, if the detection is coming from an unknown source, you don't have to do anything as Sophos is already blocking it.
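
One way to run the event-log check suggested in the reply across the handful of affected machines, as an added example that is not part of the original thread or any Sophos tooling. The computer names and the 14-day look-back are placeholders, and because event ID 911 in the Application log is not reserved to a single product, the provider name is kept in the output so the source of each event can be confirmed.

```powershell
# Added example: collect Application-log events with ID 911 from the affected machines.
# Assumptions: the computer names below are placeholders and the 14-day window is arbitrary.
$computers = @('PC-EXAMPLE-01', 'PC-EXAMPLE-02')
$since     = (Get-Date).AddDays(-14)

$events = foreach ($computer in $computers) {
    try {
        Get-WinEvent -ComputerName $computer -FilterHashtable @{
            LogName   = 'Application'
            Id        = 911
            StartTime = $since
        } -ErrorAction Stop |
            Select-Object @{ Name = 'Computer'; Expression = { $computer } },
                          TimeCreated, ProviderName, Message
    }
    catch {
        # Get-WinEvent raises an error both when no event matches and when the
        # host cannot be reached; report it and continue with the next machine.
        Write-Warning "${computer}: $($_.Exception.Message)"
    }
}

if ($events) {
    # Per-machine, per-provider counts show whether the alerts cluster on one host.
    $events | Group-Object Computer, ProviderName |
        Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize

    # Keep the full message text for review before acknowledging or allowing anything.
    $events | Sort-Object TimeCreated |
        Export-Csv -Path .\application-911-events.csv -NoTypeInformation
}
else {
    Write-Output 'No Application-log events with ID 911 were found in the selected window.'
}
```

The exported message text is what to read when deciding whether the detection comes from a legitimate application in your organization or from an unknown source.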
