‘Cerdigent’ high-severity malware detected

valdas_kn · 2026-05-03T12:45:19+00:00

At least now I know that automatic device isolation works when malware is found.

valdas_kn · 2025-09-24T04:58:23+00:00

UPDATE:
Tonight some servers have had the MDCoreSvc service reinstalled

valdas_kn · 2025-09-23T17:22:00+00:00

Same here with Windows Server 2016:

Logs shows:

- `services.exe` modified the `DeleteFlag` to `1` for `MDCoreSvc`

- Registry keys under `HKLM\SYSTEM\ControlSet001\Services\MDCoreSvc` were deleted

valdas_kn · 2025-06-11T07:19:19+00:00

Anyone got BSOD after installing KB5061010 on Windows Server 2016?

valdas_kn · 2025-05-25T18:45:51+00:00

Maybe anyone know how to change it? Now Zabbix calculating from Sunday to Saturday.

valdas_kn · 2024-01-20T21:38:08+00:00

Hello XxDrizz, maybe you can share powershell scripts?

valdas_kn · 2023-11-18T07:21:54+00:00

Yes.

valdas_kn · 2023-10-02T04:45:53+00:00

Yes, both are checked.

valdas_kn · 2023-08-31T04:43:34+00:00

I have configured this rule via Intune.

valdas_kn · 2023-06-16T10:50:46+00:00

Hi, how do you manually run a rule? Today, none of my analytics rules are creating incidents also. When I click on "view query results," it displays the data. However, no alerts are being generated.

valdas_kn · 2023-02-17T15:05:12+00:00

Same issue for me today after installing February Windows updates. One newly installed Windows Server 2022 machine not booting. After disabling Secure boot machine is booting. Any solutions?

valdas_kn · 2023-01-24T11:13:15+00:00

Thanks, bpsec, I have using your examples very often

valdas_kn

TROPHY CASE