Dpool

Powershell scripts in Windows Temp


Hey guys,


I noticed on some of our WIN10 machines there are some PS1 scripts being created by the Kaspersky Endpoint Security process (avp.exe).
An example file name is like this:

C:\Windows\Temp\ioc4B86B2ED-D668-9242-8084-1CB953288AEE.ps1

Is this normal behaviour? Or is it something alarming?
What does it mean actually?


Thanks.

30 minutes ago, Dpool said:

Hey guys,


I noticed on some of our WIN10 machines there are some PS1 scripts being created by the Kaspersky Endpoint Security process (avp.exe).
An example file name is like this:

C:\Windows\Temp\ioc4B86B2ED-D668-9242-8084-1CB953288AEE.ps1

Is this normal behaviour? Or is it something alarming?
What does it mean actually?


Thanks.

Hello!

Please specify the versions of your products.

Thank you!

4 hours ago, Dpool said:

Kaspersky Endpoint Security

Version: 10.3.0.6294 AES256

Can you please describe why you linked these files with the product?

Thank you!


Our SIEM reports that the process creating these scripts is AVP.exe, which belongs to Kaspersky Endpoint Security.
