Nov 04 2022
I get a lot of Defender notifications like this one; the .tmp.exe name is just slightly different:
Detection time: 2022-11-04T17:55:38.821Z
User: NT AUTHORITY\SYSTEM
Process Name: C:\Windows\System32\lsass.exe
Target Commandline: C:\Windows\TEMP\odt875C.tmp.exe /configure C:\Windows\TEMP\cfgCD8D.tmp
Inheritance Flags: 0x00000000
Security intelligence Version: 1.377.1295.0
Engine Version: 1.1.19700.3
Product Version: 4.18.2210.4
Is there a standard update process anyone is aware of that triggers from the Windows\Temp directory like this?
Seems like I shouldn't whitelist this behavior, but I also wonder if it's slowing or preventing a security update from running (Google Chrome, Office, Adobe etc.).