We had some triggers for:
Suspicious Process - Regsvr32.exe Registering DLL in ProgramData
Which have thankfully turned out to be non-malicious.
The DLL file that RegSvr registered has been in place for years, part of Lenovo Battery Gauge.
I can see that this specific rule had a modification by R7 4 days ago, so I'm just wondering what those modifications were, and whether they contributed to this being triggered now, when as I say, this file has been in Lenovo’s package for years.
I can't seem to find a way to see what the modifications were?
Rule Last Modified: Monday, 19 December 2022 at 10:30:40 UTC
Rule Added to Library: Thursday, 16 September 2021 at 15:19:54 UTC