Hi Support Team,
A user asked: "Does Shavlik access the packager executable on the target host via SMB/Windows file sharing?"
They've asked this as they're seeing some unusual traffic that they need an explanation for:
Signature: "ETPRO EXPLOIT Possible Microsoft Windows Object Packager Packager.exe Insecure Library Loading Code Execution - SMB-DS Unicode"
Source Systems: 192.168.182.28 (cscaucvwpsha01) and 192.168.182.29 (cscaucvwpsql01)
Targets: multiple GE hosts in multiple subnets
File accessed: C:\WINDOWS\SYSTEM32\PACKAGER.EXE
Please suggest. Thanks in advance.