In my environment, I use Kaspersky for Windows Server and I have scans enabled in my environment to perform throughout the day. I’ve come across a potential exploit, CMD:HEUR:Win32.Generic, and it points to the path where powershell.exe is located with a command afterwards. The process name is services.exe with a PID of 988, and yet I cannot find anything on this. Services.exe in the processes points to the correct path in the system32 folder. Server resources are not drained. Nothing weird seems to be happening on this server, and yet I keep getting this potential exploit alert. What is this and how do I resolve it? Has anyone seen this before? Am I missing something?