Sid 1-48238

Message

OS-WINDOWS Microsoft Data Sharing dssvc.dll arbitrary file deletion attempt

Summary

This event is generated when an executable designed to delete arbitrary files traverses the network.

Impact

Attempted Administrator Privilege Gain

Detailed information

Microsoft Data Sharing (dssvc.dll) in Microsoft Windows 10 has a bug that allows arbitrary deletion of files without having to impersonate an administrator.

Affected systems

  • Windows 10, Windows Server 2016, Windows Server 2019.

Ease of attack

False positives

None known.

False negatives

None known.

Corrective action

Contributors

  • Cisco's Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8584