Channel: Symantec Connect - Products - Discussions

Infected file found on SEP Management server

I need a solution

The following was detected on an internet-facing SEPM in our DMZ. I'm assuming this is a valid intrusion, and not a false positive? I don't see this file name, nor was it detected, on my other SEPMs (one other in DMZ, on 3 internal network) and a Google of the name turns up nothing. Any insight would be appreciated. We are on 12.1.5337.5000.

Risk name: Packed.Generic.347
File path: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\webapps\ROOT\XkbgkrNFIi.exe
Event time: Sep 7, 2015 8:11:52 AM
Database insert time: Sep 7, 2015 8:12:59 AM
Source: Real Time Scan
Description:
User: semsrv
Action taken on risk: Cleaned by deletion

