Reporting false positive: Synology Drive Client #214
Description
Reporting false positive: Synology Drive Client
Alert: MODULE: ProcessScan MESSAGE: Yara Rule MATCH: EXPL_LOG_CVE_2021_27065_Exchange_Forensic_Artefacts_Mar21_1 PID: 10680 NAME: cloud-drive-daemon.exe OWNER: Admin CMD: C:\Users\Admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe C:/Users/Admin/AppData/Local/SynologyDrive/data/config/client.conf 50016 PATH: C:\Users\Admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe
Alert: MODULE: ProcessScan MESSAGE: Yara Rule MATCH: LOG_Exchange_Forensic_Artefacts_CleanUp_Activity_Mar21_1 PID: 10680 NAME: cloud-drive-daemon.exe OWNER: Admin CMD: C:\Users\Admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe C:/Users/Admin/AppData/Local/SynologyDrive/data/config/client.conf 50016 PATH: C:\Users\Admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe
Alert: MODULE: ProcessScan MESSAGE: Yara Rule MATCH: WiltedTulip_ReflectiveLoader PID: 10680 NAME: cloud-drive-daemon.exe OWNER: Admin CMD: C:\Users\Admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe C:/Users/Admin/AppData/Local/SynologyDrive/data/config/client.conf 50016 PATH: C:\Users\Admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe
Alert: MODULE: ProcessScan MESSAGE: Yara Rule MATCH: PowerShell_ISESteroids_Obfuscation PID: 10680 NAME: cloud-drive-daemon.exe OWNER: Admin CMD: C:\Users\Admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe C:/Users/Admin/AppData/Local/SynologyDrive/data/config/client.conf 50016 PATH: C:\Users\Admin\AppData\Local\SynologyDrive\SynologyDrive.app\bin\cloud-drive-daemon.exe