Identity theft using Pass-the-Hash attack verify false positive

Question

Hello,&nbsp;I have some messages about "Identity theft using Pass-the-Hash attack" in our ATA. Checked also some things on the client but cannot find some suspicious activities. I opened a MS ticket some weeks ago and did not get any information or at least a status mail.I think this is an false positive but its a good case for us to troubleshoot this.Can anyone from Microsoft have a look at the case and why we don't get any infos?&nbsp;Does anyone else have some ideas how to verify this?&nbsp;RegardsMiguel

eliofek · Answer

m_krone&nbsp;, sorry to hear that no one replied to your support case yet, this is not usually the case.
Can you please send me the support case ID so I can make sure someone responds? (and also check what happened...)

m_krone · Answer

Hi, unfortunately, we couldn't got any solution for this. We are currently investigating by our self. Since Eli got a contact for us which was responding we tried to solve the problem but after 3 weeks of just standard mails that Microsoft has currently too many requests with an delay to up to 4 weeks we finally got a closure email of the ticket without and solution. Also a response to work on this ticket got denied and now its gone.

mparpaley · Answer

Hello. Can you please share experience how to eliminate this false positive?&nbsp;

nvarshney · Answer

Hi,&nbsp;I am also getting the same alert but unable to find anything in user machine.

Forum Discussion

Identity theft using Pass-the-Hash attack verify false positive

4 Replies

Resources