ATP identified "[email protected]"

Sascha

New member
Good morning,

our customer’s ATP (Advanced Threat Protection) identified the function “[email protected]”. What is this function doing?

Malicious Indicators

He wants to isolate this function.

Thank you
 
It’s a core function used by our virtual file system engine. The NtQueryDirectoryFile routine returns various kinds of information about files in the directory specified by a given file handle. There is no special reason why an antivirus would not allow applications to use that Windows API.
Did you code sign your EXE file?
 
Sascha said:
ATP (Advanced Threat Protection)
It is not a normal antivirus, it is ATP (Advanced Threat Protection). The name of this ATP is “MITRE ATT&CK”.
Yes, I code signed my EXE file (Dual SHA1-SHA256) and my certificate is valid.

This problem is not urgent anymore but maybe helpful for you.

Thank you
 