Think you have a false positive on this rule?

Sid 1-48238


OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt


This event is generated when an executable designed to delete arbitrary files traverses the network.


Attempted Administrator Privilege Gain

Detailed information

Microsoft Windows 10 Microsoft Data Sharing has a bug that allows for arbitrary deletion of files without having to impersonate admin.

Affected systems

  • Windows 10, Windows Server 2016, Windows Server 2019.

Ease of attack

False positives

None known.

False negatives

None known.

Corrective action


  • Cisco's Talos Intelligence Group

Additional References