Sid 1-45873

Message

OS-WINDOWS Microsoft Windows SetProcessDeviceMap arbitrary file read attempt

Summary

This event is generated when an attempt is made to bypass file reading restrictions on Windows.

Impact

Detailed information

Affected systems

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0877