HitmanPro.Alert generated an Attack Intercepted alert for Mitigation: Lockdown. What just happened?
First, this doesn't mean that the action is malicious. The description in the alert is:
Code execution was blocked because this program was dropped by a productivity application that is not meant to execute external scripts or introduce new code.
So it could be that some software was updating and in that process tried to introduce a new untrusted executable to the machine. Think of this as a Microsoft Word macro downloading malware and trying to execute it: this mitigation would stop that without a signature or other prior knowledge of a possible attack.
Another exploitation route is so-called LOLBins, e.g. an Office document running PowerShell or wscript. 99 out of 100 times this is not seen on consumer machines, and we block it to prevent exploitation.
Sometimes this does break legit applications that don't handle their updates according to the latest IT hygiene, e.g. by using unsigned binaries instead of code-signing them. In that case we might trigger an alert that you could deem a false positive. If you run into such an alert and you are sure you want to allow it, you can use the Suppress Alert option; otherwise please contact support@hitmanpro.com with the technical details so we can have a look for you.
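To make the two conditions above concrete, here is an added example (not HitmanPro.Alert's own code or configuration) that applies a Lockdown-style rule to a handful of constructed process events. The event fields, the application and script-host lists, and the assumption that a validly signed dropped file is allowed are all illustrative.

```python
from dataclasses import dataclass
from ntpath import basename  # parses Windows paths on any OS

# Assumed lists for illustration; not HitmanPro.Alert's real configuration.
PRODUCTIVITY_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

@dataclass
class Event:
    kind: str             # "file_write" or "process_start"
    actor: str            # image path of the process performing the action
    target: str           # file written, or image being started
    signed: bool = False  # target has a valid code signature (process_start)

def evaluate(events):
    """Return (target, reason) for each process start the rule would block."""
    dropped_by = {}  # lowercased path -> productivity app that wrote the file
    blocked = []
    for ev in events:
        actor = basename(ev.actor).lower()
        target = ev.target.lower()
        if ev.kind == "file_write" and actor in PRODUCTIVITY_APPS:
            dropped_by[target] = actor
        elif ev.kind == "process_start":
            if actor in PRODUCTIVITY_APPS and basename(target) in SCRIPT_HOSTS:
                # LOLBin case: Office document launching a script host
                blocked.append((ev.target, f"script host started by {actor}"))
            elif target in dropped_by and not ev.signed:
                # Dropped-code case; an unsigned updater lands here too,
                # which is the false-positive scenario described above.
                reason = f"unsigned file dropped by {dropped_by[target]}"
                blocked.append((ev.target, reason))
    return blocked

# Constructed sample events (paths are made up for the example).
SAMPLE_EVENTS = [
    Event("process_start", r"C:\Office\WINWORD.EXE",
          r"C:\Windows\System32\wscript.exe", signed=True),
    Event("file_write", r"C:\Office\EXCEL.EXE", r"C:\Temp\update.exe"),
    Event("process_start", r"C:\Windows\explorer.exe",
          r"C:\Temp\update.exe", signed=False),
    Event("process_start", r"C:\Windows\explorer.exe",
          r"C:\Windows\System32\notepad.exe", signed=True),
]

if __name__ == "__main__":
    for target, reason in evaluate(SAMPLE_EVENTS):
        print(f"BLOCK {target}: {reason}")
```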