Delayed Deletion of Files

The Delayed Deletion of Files alert indicates that a command line deleting files used the timeout or ping commands to delay the file deletion.

Synopsis

10 minutes
3 days
14 days
10 minutes
Cortex XDR agent endpoint data
Severity: Low

Description

A process executed a command line that uses the timeout or ping commands to delay file deletion. This is suspicious because malware sometimes uses these techniques to cover its tracks, and because the same command line was seen on only a handful of endpoints in the last 14 days, if at all.
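
The two conditions in this description (a delay command ahead of a deletion, and low prevalence over 14 days) can be sketched as follows. This is an added example, not Cortex XDR's own detection logic. The `del`/`erase` verb list, the `max_hosts=3` threshold, the event tuple layout and all host names and command lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

DELAY_VERBS = {"timeout", "ping"}   # the two delay commands this alert names
DELETE_VERBS = {"del", "erase"}     # assumption: cmd.exe file-deletion built-ins
# Optional leading `cmd /c` or `cmd /k` wrapper, with or without path and quotes.
SHELL_PREFIX = re.compile(r'^.*?\bcmd(?:\.exe)?"?\s+(?:/\S+\s+)*?/[ck]\b\s*"?', re.I)

def command_verbs(cmdline):
    """Return the verb of each &, &&, | or || separated command, in order."""
    rest = SHELL_PREFIX.sub("", cmdline, count=1)
    verbs = []
    for segment in re.split(r"&&|\|\||[&|]", rest):
        words = segment.split()
        if words:
            name = words[0].strip('"').rsplit("\\", 1)[-1].lower()
            verbs.append(re.sub(r"\.exe$", "", name))
    return verbs

def is_delayed_delete(cmdline):
    """True when a timeout/ping command runs before a file-deletion command."""
    verbs = command_verbs(cmdline)
    first_delay = next((i for i, v in enumerate(verbs) if v in DELAY_VERBS), None)
    return first_delay is not None and any(v in DELETE_VERBS for v in verbs[first_delay + 1:])

def rare_delayed_deletes(events, now, window=timedelta(days=14), max_hosts=3):
    """Matching events whose command line ran on at most max_hosts endpoints in the window.
    max_hosts is an assumed stand-in for "a handful of endpoints"."""
    recent = [(h, c) for t, h, c in events if now - window <= t <= now]
    hits = []
    for host, cmd in recent:
        if is_delayed_delete(cmd):
            hosts = {h for h, c in recent if c.lower() == cmd.lower()}
            if len(hosts) <= max_hosts:
                hits.append((host, cmd))
    return hits

# Constructed sample telemetry: (timestamp, endpoint, command line).
NOW = datetime(2024, 1, 15, 9, 0)
RARE = r'"C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 6 > nul & del /f /q "C:\Users\Public\sample_updater.exe"'
COMMON = r"cmd /c timeout /t 30 /nobreak & del /q C:\Temp\installer_cache\*.tmp"
EVENTS = [(NOW - timedelta(hours=2), "lab-17", RARE)]
EVENTS += [(NOW - timedelta(days=d), f"wks-{d:02d}", COMMON) for d in range(1, 6)]
EVENTS += [(NOW - timedelta(days=1), "wks-01", r"ping 10.0.0.1 -n 4"),
           (NOW - timedelta(days=1), "wks-02", r"cmd /c del C:\Temp\a.log & ping 10.0.0.1 -n 1")]

if __name__ == "__main__":
    for host, cmd in rare_delayed_deletes(EVENTS, NOW):
        print(f"ALERT {host}: {cmd}")
```

The segment split does not account for separators inside quoted arguments, so treat the verb extraction as a triage aid rather than a full cmd.exe parser.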

Attacker's Goals

Evade security controls and possibly cover their tracks.

Investigative Actions

Check whether the executing process is benign, and whether this was desired behavior as part of its normal execution flow.
