Hello together,
I received a notification from our Crowd Strike Endpoint solution.
Crowdstrike stops an unknown process:
msiexec /q /i c:\windows\temp\aq.msi
I cannot find the msi package at the temp folder.
The local EventManager shows a entry: Configuration option 'show advanced options' changed from 0 to 1. Run the RECONFIGURE statement to install.
I think that the sql server service starts the installation from the msi package.
Crowd and Microsoft Defender do not find any other threats.
The Fortigate is patched to version 7.0.14. EWS is on Build 7.07.
What further checks can I do to be sure to prevent a security lack?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello samrein,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello samrein,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hello samrein,
One of our expert is suggesting to raise a ticket to our TAC:
https://support.fortinet.com/welcome/#/
They will help you to resolve this.
Regards,
Anthony
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.