VMware environment.
DCs monitored using MS Defender for Identity with sensors installed on all the DCs.
Daily there is an alert in Defender ATP:
Remote code execution attempt.
An actor attempted to run commands remotely on 2 domain controllers from Veeam Server using Service creation.
We know it's not an issue, but trying to understand what is happening.
- Novice
- Posts: 7
- Liked: 4 times
- Joined: Feb 18, 2015 9:54 pm
- Full Name: Joseph McGlynn
- VP, Product Management
- Posts: 7076
- Liked: 1510 times
- Joined: May 04, 2011 8:36 am
- Full Name: Andreas Neufert
- Location: Germany
Re: Trying to understand Microsoft Defender for Identity alert.
https://helpcenter.veeam.com/docs/backu ... ml?ver=110
Our guest processing logs in by RemoteRPC into the system, transports our VSS Requestor and installs it. Then it processes VSS consistency with Software Snapshots.
After the VM snapshot we remove the VSS Consistency and remove our VSS requestor in the end (uninstall it).
There is more to this, please check the documentation link above.
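Added example, not part of the original thread and not Veeam's or Microsoft's code: a way to check that each daily alert lines up with a guest-processing session before treating it as expected, instead of excluding the backup server as a source outright. Hostnames, timestamps and record fields are constructed for illustration and are assumptions, not a real export format.

```python
from datetime import datetime, timedelta

# Constructed sample data; hostnames, times and field names are hypothetical.
BACKUP_SERVER = "veeam01"
JOB_SESSIONS = [  # guest-processing windows taken from the backup job history
    {"vm": "dc01", "start": "2024-03-01T22:00:05", "end": "2024-03-01T22:06:40"},
    {"vm": "dc02", "start": "2024-03-01T22:07:10", "end": "2024-03-01T22:12:30"},
]
ALERTS = [  # remote service-creation alerts raised against the DCs
    {"time": "2024-03-01T22:00:20", "source": "veeam01", "target": "dc01"},
    {"time": "2024-03-01T22:07:30", "source": "veeam01", "target": "dc02"},
    {"time": "2024-03-02T03:15:00", "source": "veeam01", "target": "dc01"},
    {"time": "2024-03-01T22:01:00", "source": "ws-114", "target": "dc01"},
]
SLACK = timedelta(minutes=2)  # tolerance for clock skew between systems


def _ts(value):
    """Parse an ISO 8601 timestamp string."""
    return datetime.fromisoformat(value)


def classify(alert, sessions=JOB_SESSIONS, backup_server=BACKUP_SERVER):
    """Return 'expected' only if source, target and time all match a job session."""
    if alert["source"].lower() != backup_server:
        return "investigate: source is not the backup server"
    when = _ts(alert["time"])
    for s in sessions:
        in_window = _ts(s["start"]) - SLACK <= when <= _ts(s["end"]) + SLACK
        if s["vm"] == alert["target"].lower() and in_window:
            return "expected"
    return "investigate: no backup session covers this time"


def triage(alerts=ALERTS):
    """Classify every alert and return (time, source, target, verdict) rows."""
    return [(a["time"], a["source"], a["target"], classify(a)) for a in alerts]


if __name__ == "__main__":
    for row in triage():
        print(*row, sep="  ")
```

An alert from the backup server outside any job window, or from any other host, stays in the queue for review.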
- Novice
- Posts: 7
- Liked: 4 times
- Joined: Feb 18, 2015 9:54 pm
- Full Name: Joseph McGlynn
Re: Trying to understand Microsoft Defender for Identity alert.
Thanks for the swift response with all the required info.
Much appreciated.