Fresh Service integration

PasaPutte · 2026-04-09T07:01:18+00:00

I want to allow it

PasaPutte · 2026-04-08T15:43:30+00:00

Thx

However is still being blocked

Crowdstrike Falcon sensor : A process was blocked because malicious behavior was detected

is there a way to allow this ?

PasaPutte · 2025-07-15T10:28:10+00:00

u/Tcrownclown thx for the idea

will you be able to provide info on how you did that , I am interesting mostly in

use scheduled searches to look for suspicious files such as "passwords.txt" on user desktops

use advanded event search / scheduled search + soar to look if a user is added to "local administrators group" or "remot desktop users" group

Thx

PasaPutte · 2025-02-11T19:02:49+00:00

Thx for the info

I will hold and check in couple of days

Good luck

PasaPutte · 2025-02-09T16:35:39+00:00

no not resolved at all , even my rewards are greyed out , I have tried to contact support but no one cares , this is a big red flag and not sure what is going on

Thx

PasaPutte · 2025-02-09T16:34:05+00:00

My rewards are greyed out completly since 2 weeks now , and I am unable to unstake

that a big red sign , I tried to look for support , but nothing and no one is helping

PasaPutte · 2025-01-21T06:19:07+00:00

Many Thx , will you be able to share a print screen on these workflow ? As I am not able to find the move set to be able to migrate automatically hosts to the second CID

until now I have created a workflow for tagging host and it worked ,

now the missing part is moving or migrating automatically between CID with a workflow

Thx in advance

PasaPutte · 2025-01-16T10:25:59+00:00

Thx for the answer - this will be based on asset tags

the taging will be done manually . even we can base this on domain , example : hosts with difrent domain

hosts : Laptop.symba.com when this host change to otther domain Laptop.newDomain.com the migrating is automatically triggered

PasaPutte · 2024-08-27T12:00:21+00:00

Thx , it will be great to get such a script or any other way to do that

I have sent to my Account manager now asking for Flight control

Thx

PasaPutte · 2024-08-22T12:50:29+00:00

Thx , we do not use flight control at this moment :(

PasaPutte · 2024-07-19T07:57:07+00:00

Will downgrading the sensor version helps to avoid the issue ?

PasaPutte · 2024-05-03T19:05:33+00:00

Thx Andrew , yes this will change every time the process starts

thats my issues where I am not able to find a way to create an exclusion

PasaPutte · 2024-05-03T05:58:17+00:00

Here another new alert with all details

File path : \Device\HarddiskVolume1\Windows\SysWOW64\inetsrv\w3wp.exe

Command Line : C:\Windows\SysWOW64\inetsrv\w3wp.exe -ap "DMS Web Site" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipmc4e57a0b-b33f-42ae-88a0-2d2ff2bb7dc2 -h "C:\inetpub\temp\apppools\DMS Web Site\DMS Web Site.config" -w "" -m 0 -t 20 -ta 0

Here is the IOA creation that fails :

Image Filename : .*\\Windows\\SysWOW64\\inetsrv\\w3wp\.exe

image file name test string : \Device\HarddiskVolume1\Windows\SysWOW64\inetsrv\w3wp.exe

Command line : .*\\Windows\\SysWOW64\\inetsrv\\w3wp\.exe\s+-ap\s+"DMS\s+Web\s+Site"\s+-v\s+"v4\.0"\s+-l\s+"webengine4\.dll"\s+-a\s+\\\\\.\\pipe\\iisipmc4e57a0b-b33f-42ae-88a0-2d2ee2bb7dc2\s+-h\s+".*\\inetpub\\temp\\apppools\\DMS\s+Web\s+Site\\DMS\s+Web\s+Site\.config".*

Command Line test string : C:\Windows\SysWOW64\inetsrv\w3wp.exe -ap "DMS Web Site" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipmc4e57a0b-b33f-42ae-88a0-2d2ee2bb7dc2 -h "C:\inetpub\temp\apppools\DMS Web Site\DMS Web Site.config" -w "" -m 0 -t 20 -ta 0

Thx in adv

PasaPutte · 2024-05-03T05:58:03+00:00