Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
848
Views
0
Helpful
2
Replies

Windows System32 Directory File Creation

sameer.devlekar
Level 1
Level 1

‎04-22-2010 10:27 PM - edited ‎03-10-2019 04:58 AM

Hi Folks,

I get sevral alerts from my IDS system says, "Windows System32 Directory File Creation" as an event.

Could you please help me out understand the exact meaning for this alerts.

Thanks in advance,

Sameer

Labels:
0 Helpful
2 Replies 2

johan.kellerman
Level 1
Level 1

‎04-23-2010 12:40 AM

Hi

This is pretty straith forward. A file has been created in the ..%windowsroot%\system32 directory.

If you turn on verbose logging for this signature you can see what file has been created.

Br

Johan Kellerman

0 Helpful

sameer.devlekar
Level 1
Level 1
In response to johan.kellerman

‎04-25-2010 11:42 PM

Hi Johan,

I tried using that but, the report doesn't seem to shows any useful info. Please let me know if we have any other possible way to investigate this cause.

Thanks,

Sameer

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card