Kurt Buff
Jun 3, 2024, 12:35:55 PM
to ntsys...@googlegroups.com
I was reviewing my A/V logs from over the weekend this morning, and
found a single executable (OneDriveStandaloneUpdater.exe) in them with
over 2k instances, and executables with that name showed 9 different
MD5 hashes.
I looked them up on VT, and all showed as benign, with signatures from
MSFT and everything, but that many variants of a single executable
raised my eyebrows a bit.
We do have around 1k workstations, so the volume of log entries isn't
too surprising, however. We're all Win10 22H2, but there is some
variance in our O365 installs - not as many as 9, AFAICT. I might have
to do an audit to figure this out.
Interesting start to the week...
Kurt