I have releaved a strange behaviour on a couple of computers with systemcenter endpoint protection 2012 installed and update.
the home folder locate on network all the files and folders are sobstitute by a link with the same name.
the link is like this:
C:\WINDOWS\system32\cmd.exe /C start /b "" "cmd.exe" /C if exist "rFQfXT.bdKx" start /b "" "rFQfXT.bdKx" && start /b "" "mydocument.doc"
the original file and folder are hidden.
if I set folder options to show "hidden files and folders" and remove the flag on "Hide protected operating system files (reccomended)" I can see the file rFQfXT.bdKx
I have submitted the file to https://www.microsoft.com/security/portal/submission/submit.aspx and I'm waiting a reply.
- Changed type Quan GuMicrosoft contingent staff, Moderator Friday, October 25, 2013 5:51 AM