Dpool

Powershell scripts in Windows Temp


Hey guys,


I noticed on some of our WIN10 machines there are some PS1 scripts being created by Kaspersky Endpoint Security process (avp.exe).
An example file name is like this:

C:\Windows\Temp\ioc4B86B2ED-D668-9242-8084-1CB953288AEE.ps1

Is this normal behaviour? Or is it something alarming?
What does it mean actually?


Thanks.

Edited by Dpool

30 minutes ago, Dpool said:

Hey guys,


I noticed on some of our WIN10 machines there are some PS1 scripts being created by Kaspersky Endpoint Security process (avp.exe).
An example file name is like this:

C:\Windows\Temp\ioc4B86B2ED-D668-9242-8084-1CB953288AEE.ps1

Is this normal behaviour? Or is it something alarming?
What does it mean actually?


Thanks.

Hello!

Please specify the versions of your products.

Thank you!

4 hours ago, Dpool said:

Kaspersky Endpoint Security

Version: 10.3.0.6294 AES256

Can you please describe why you linked these files with the product?

Thank you!


Our SIEM reports that the process creating these scripts is AVP.exe, which belongs to Kaspersky Endpoint Security.
