Forum Discussion
Attempted to query private data using key G$MNSEcryptionKey from XXXXXX
I'm getting the message: "Attempted to query private data using key G$MNSEcryptionKey from XXXXXX" in Azure ATP alerts. There is not information in the web about what the key is. Could someone give a hand to get a reference or explanation about this?
6 Replies
- EliOfek
Microsoft
Another customer who ran into the same message share this info, you might check if it applies here as well:
"We found the explanation: The G$MNSEncryptionKey is from a old Novell Netware installation and the event occurs while the password of this user is changed."
hope it helps.
Hi EliOfek, I did some inquiries directly with the customer and they are not using any Novell installation. The error has appeared twice and it is coming from a Windows 10 Enterprise computer (17134). Do you think there is a legacy application that could be generating this alert?. At this moment, I am collecting more info.
- EliOfek
ECuadra , I did not get any other reports besides the Novell incident I already mentioned.
At this point this can be anything from a legit app to malicious code...
You should investigate to try and isolate the source on this machine.
I would appreciate if you continue to share once you have more info/clues, this is interesting.
Thanks,
Eli
