cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Identity theft using Pass-the-Hash attack verify false positive

m_krone
Brass Contributor

‎May 06 2019 06:12 AM - last edited on ‎Nov 30 2021 10:05 AM by

‎May 06 2019 06:12 AM - last edited on ‎Nov 30 2021 10:05 AM by

Identity theft using Pass-the-Hash attack verify false positive

Hello,

 

I have some messages about "Identity theft using Pass-the-Hash attack" in our ATA. Checked also some things on the client but cannot find some suspicious activities. I opened a MS ticket some weeks ago and did not get any information or at least a status mail.

I think this is an false positive but its a good case for us to troubleshoot this.

Can anyone from Microsoft have a look at the case and why we don't get any infos?

 

Does anyone else have some ideas how to verify this?

 

Regards

Miguel

4,498 Views
0 Likes
4 Replies
Reply
4 Replies
Eli Ofek

‎May 06 2019 06:18 AM

‎May 06 2019 06:18 AM

Re: Identity theft using Pass-the-Hash attack verify false positive

@m_krone , sorry to hear that no one replied to your support case yet, this is not usually the case.

Can you please send me the support case ID so I can make sure someone responds? (and also check what happened...)

1 Like
Reply
mparpaley

‎Jul 12 2019 05:48 AM

‎Jul 12 2019 05:48 AM

Re: Identity theft using Pass-the-Hash attack verify false positive

Hello. Can you please share experience how to eliminate this false positive? 

0 Likes
Reply
m_krone

‎Jul 15 2019 02:18 PM

‎Jul 15 2019 02:18 PM

Re: Identity theft using Pass-the-Hash attack verify false positive

Hi, unfortunately, we couldn't got any solution for this. We are currently investigating by our self. Since Eli got a contact for us which was responding we tried to solve the problem but after 3 weeks of just standard mails that Microsoft has currently too many requests with an delay to up to 4 weeks we finally got a closure email of the ticket without and solution. Also a response to work on this ticket got denied and now its gone.
1 Like
Reply
nvarshney

‎Jul 26 2020 08:43 PM

‎Jul 26 2020 08:43 PM

Re: Identity theft using Pass-the-Hash attack verify false positive

Hi,

 

I am also getting the same alert but unable to find anything in user machine.

0 Likes
Reply