Service Request Ticket - # 75206

Service Request Information

CONTACT Name Mafit, Cindi Contact Date Jan 17, 2020 09:39 AM
Department The Research Institute Phone 88792
Location Email mafitc@wou.edu

SR INFO Type WOU #
Priority Equipment Type
Status Flagged
Description

Laptop WOU # 20130826 Bldg/Room OFF PDR
Service Tag JV3KD12 Description Dell Latitude E6440 Intel i7-4600M(2.9GHz 4M)
Serial No. JV3KD12 Location PDR

CPU Intel Core i7-4600M(2.9 GHz, 4M) 4thGEN


OS Windows 7 Pro Software MS office Pro Plus 2013 from P0094096

Wired NIC EC:F4:BB:2F:C3:54


Wireless NIC C4:D9:87:B5:BC:A6


Bluetooth NIC C4:D9:87:B5:BC:AA


TECHS Submitted by Brittany Franklin Contact franklinb@wou.edu 89267
Primary Technician Contact franklinb@wou.edu 89267

Tracking

Entered by Date Memo
Brittany Franklin
Email

Public

Entered by Date Memo
Brittany Franklin Jan 17, 2020 10:20 AM
Status changed from (1) Pending to (5) Completed
Brittany Franklin Jan 17, 2020 10:20 AM
Cleared the alert in Sophos, since it's a non-issue.
Bradley Karkanen Jan 17, 2020 10:13 AM
Task reassigned to Brittany Franklin.
Bradley Karkanen Jan 17, 2020 10:13 AM
Windows Defender likely found something, tried to clean it up, and then got killed by Sophos.
Bradley Karkanen Jan 17, 2020 10:13 AM
I did some research and this is legit; that file is Windows Defender. It is only malicious if it is run from a path other than that one.
Brittany Franklin Jan 17, 2020 09:39 AM
Sophos found a privilege escalation exploit on W20130826, which is very, very bad.

From Sophos:
"We prevented a privilege escalation exploit in C:\Program Files\Windows Defender\MpCmdRun.exe"

Please investigate and pull Michael Ellis or me in if needed.