Score of 3 but still Remediated?
We added TDR host to our Backup server, and it blew up the backup jobs on a .tmp file that was created in \AppData\Local\Temp\ (which is a folder I really don't want to exclude). The threat score was 3 for the file, and I'm trying to understand why the file was remediated.
We're running at a Cybercon of 4 and none of our policies act on a threat score of 3. There is the APT Blocker Policy, which I suspect acted on the file.
Here are the Threat Details for that file:
Threat Feed: Not Matched
Malware Verification Service: Unseen
Heuristics: Suspicious (ML)
---Warped PE Structure
APT Blocker: Ineligible; File too large for APT Blocker Analysis
I'm seeing that the file was Successfully Externally Remediated, and at the same time the backup software crashed, grinding our jobs to a screeching halt. Can anyone explain why this file was remediated?