Sid 1-49162

Message

OS-WINDOWS Microsoft Windows NtTraceControl information disclosure attempt

Summary

This event is generated when an attempt is made to exploit an information disclosure vulnerability using NtTraceControl on a Windows system.

Impact

Attempted Administrator Privilege Gain

Detailed information

Affected systems

  • Windows-based OS

Ease of attack

False positives

False negatives

Corrective action

Contributors

  • Cisco Talos Intelligence Group

Additional References

  • portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0661