Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Windows System32 Directory File Creation

Hi Folks,

I get sevral alerts from my IDS system says, "Windows System32 Directory File Creation" as an event.

Could you please help me out understand the exact meaning for this alerts.

Thanks in advance,

Sameer

2 REPLIES
Community Member

Re: Windows System32 Directory File Creation

Hi

This is pretty straith forward. A file has been created in the ..%windowsroot%\system32 directory.

If you turn on verbose logging for this signature you can see what file has been created.

Br

Johan Kellerman

Community Member

Re: Windows System32 Directory File Creation

Hi Johan,

I tried using that but, the report doesn't seem to shows any useful info. Please let me know if we have any other possible way to investigate this cause.

Thanks,

Sameer

296
Views
0
Helpful
2
Replies
CreatePlease to create content