Hi Gary,

As Sascha correctly pointed out, APC Violation is quite robust in mitigating a remote exploitation attempt using EternalBlue. You're getting a Troj/Meter-M detection, which can only happen in the later stages of an attack, i.e. APC Violation should've acted first! We fired MeterM to counter the Meterpreter shell, which we don't let establish in the first place if Intercept X is correctly configured and all protection levels are functional! :)

Please feel free to DM me with all the details and I'll be happy to fill in the gaps.

Thanks,
Vikas