You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Running Create-Policies.ps1 triggers SentinelOne as malicious. Powershell is terminated and Accesschk.exe is quarantined.
Alert Name: Shadow copy Deletion detected
Severity: High
Notable Events and MITRE ATT&K ID's (appears to be in reverse order):
Deletes shadow copy Impact (T1490)
Identified attempt to access a raw volume Discovery (T1082)
User logged on Persistence (T1078) X4
Obfuscated PowerShell command executed from an LNK file was detected Defense Evasion (T1027) X3
An obfuscated PowerShell command was detected Defense Evasion (T1027) X3
Powershell execution policy was changed Execution (T1059.001)
Process started from shortcut file Execution (T1204)
Indirect command was executed Defense Evasion (T1218) X2
The text was updated successfully, but these errors were encountered:
Running Create-Policies.ps1 triggers SentinelOne as malicious. Powershell is terminated and Accesschk.exe is quarantined.
Alert Name: Shadow copy Deletion detected
Severity: High
Notable Events and MITRE ATT&K ID's (appears to be in reverse order):
Deletes shadow copy Impact (T1490)
Identified attempt to access a raw volume Discovery (T1082)
User logged on Persistence (T1078) X4
Obfuscated PowerShell command executed from an LNK file was detected Defense Evasion (T1027) X3
An obfuscated PowerShell command was detected Defense Evasion (T1027) X3
Powershell execution policy was changed Execution (T1059.001)
Process started from shortcut file Execution (T1204)
Indirect command was executed Defense Evasion (T1218) X2
The text was updated successfully, but these errors were encountered: