May 06 2019
- last edited on
Nov 30 2021
I have some messages about "Identity theft using Pass-the-Hash attack" in our ATA. Checked also some things on the client but cannot find some suspicious activities. I opened a MS ticket some weeks ago and did not get any information or at least a status mail.
I think this is an false positive but its a good case for us to troubleshoot this.
Can anyone from Microsoft have a look at the case and why we don't get any infos?
Does anyone else have some ideas how to verify this?
May 06 2019 06:18 AM
@m_krone , sorry to hear that no one replied to your support case yet, this is not usually the case.
Can you please send me the support case ID so I can make sure someone responds? (and also check what happened...)
Jul 15 2019 02:18 PM
Jul 26 2020 08:43 PM
I am also getting the same alert but unable to find anything in user machine.