DETECTION OVERVIEW
Risk Factors
Phishing is a common technique that has enabled attackers to manipulate the Windows Search feature. A phishing attempt of this type might not immediately affect the network, but it should be investigated because an attacker could mount a remote file share on your network.
Kill Chain
Risk Score
37
N/A
Block files with the .search-ms extension at the network perimeter
Block inbound and outbound traffic from suspicious IP addresses at the network perimeter
Quarantine the device while checking for indicators of compromise, such as the presence of malware
Implement network segmentation and the principle of least privilege on accounts to minimize the damage caused by a compromised device
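One way to find the transfers that the first mitigation would block, as an added example that is not part of the original detection page: it checks web-proxy records for files whose name ends in .search-ms, including names hidden behind URL encoding or supplied only in a Content-Disposition header. The record fields (client, url, cd), the function names, and the sample data are assumptions constructed for illustration.

```python
"""Flag transfers of .search-ms files in web-proxy records (added example)."""
import re
from urllib.parse import urlsplit, unquote

BLOCKED_EXT = ".search-ms"
# Matches filename="..." and the RFC 5987 form filename*=UTF-8''... in a header value.
_CD_NAME = re.compile(r"filename\*?=(?:UTF-8'[^']*')?\"?([^\";]+)", re.IGNORECASE)


def _has_blocked_ext(name: str) -> bool:
    # Win32 drops trailing dots and spaces from file names, so strip them first.
    return name.rstrip(". ").lower().endswith(BLOCKED_EXT)


def is_search_ms_transfer(url: str, content_disposition: str = "") -> bool:
    """True if the URL path or the served file name ends in .search-ms."""
    # urlsplit() separates the query and fragment; unquote() decodes %2E and similar.
    path = unquote(urlsplit(url).path)
    if _has_blocked_ext(path):
        return True
    match = _CD_NAME.search(content_disposition)
    return bool(match and _has_blocked_ext(unquote(match.group(1))))


def flag_records(records):
    """Return the client addresses that requested a .search-ms file."""
    return [r["client"] for r in records
            if is_search_ms_transfer(r["url"], r.get("cd", ""))]


# Constructed sample records; hosts use the reserved .example TLD.
SAMPLE_RECORDS = [
    {"client": "10.0.0.12", "url": "https://files.example/docs/report.pdf", "cd": ""},
    {"client": "10.0.0.15", "url": "https://files.example/dl/Invoice.SEARCH-MS?id=7", "cd": ""},
    {"client": "10.0.0.21", "url": "https://files.example/get?id=9",
     "cd": "attachment; filename*=UTF-8''quote%2Esearch-ms"},
    {"client": "10.0.0.30", "url": "https://files.example/search-ms/help.html", "cd": ""},
    {"client": "10.0.0.44", "url": "https://files.example/a/scan%2Esearch-ms", "cd": ""},
]

if __name__ == "__main__":
    for client in flag_records(SAMPLE_RECORDS):
        print(f"investigate {client}: .search-ms file transfer observed")
```

Clients returned by flag_records are candidates for the quarantine and indicator-of-compromise check listed above.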