Data Transmission Volume MalOps

The ‘High volume of data transmission by injected process’ MalOp is triggered when the platform detects that a process into which code has been injected begins to transmit a large volume of data.

This MalOp is part of the RESEARCH_MALOP stability group.

Note

This stability group is not enabled by default. Contact Technical Support to enable these MalOps for your environment.

MalOp Example

Supported OS for this MalOp: Windows

Examples of behavior that can trigger this MalOp:

  • High volume of data transmitted by a process or through a connection

  • High volume of data transmitted to a malicious address

  • Process with injection transmitting data
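
The behaviors listed above can be expressed as a small correlation over process and connection telemetry. The following is an added example, not the platform's detection logic or code from this documentation; the record fields, the 100 MB threshold, the reason labels, and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
MB = 1024 * 1024
# Assumed threshold for this example; the platform's own value is not documented here.
VOLUME_THRESHOLD = 100 * MB

@dataclass
class Connection:
    pid: int
    opened: float      # epoch seconds when the connection was opened
    remote: str
    bytes_sent: int

def triage(injections, connections, malicious_addrs=frozenset(),
           threshold=VOLUME_THRESHOLD):
    """Return {pid: reasons} for injected processes that transmitted data.
    injections maps pid -> time of first observed injection. Simplification:
    only connections opened at or after that time are counted, so traffic on
    a connection that was already open before the injection is not attributed.
    """
    totals = defaultdict(int)
    findings = defaultdict(set)
    for c in connections:
        injected_at = injections.get(c.pid)
        if injected_at is None or c.opened < injected_at:
            continue
        totals[c.pid] += c.bytes_sent
        if c.bytes_sent >= threshold:
            findings[c.pid].add("high_volume_connection")
        if c.remote in malicious_addrs and c.bytes_sent > 0:
            findings[c.pid].add("data_to_malicious_address")
    for pid, total in totals.items():
        if total >= threshold:
            findings[pid].add("high_volume_process")
    return dict(findings)

# Constructed sample telemetry (documentation-range addresses, made-up PIDs).
SAMPLE_INJECTIONS = {4120: 1000.0, 5300: 2000.0}
SAMPLE_MALICIOUS = frozenset({"192.0.2.44"})
SAMPLE_CONNECTIONS = [
    Connection(4120, 900.0, "198.51.100.7", 500 * MB),   # opened before injection
    Connection(4120, 1010.0, "203.0.113.10", 60 * MB),
    Connection(4120, 1050.0, "203.0.113.11", 55 * MB),   # 115 MB total after injection
    Connection(5300, 2100.0, "192.0.2.44", 2 * MB),      # small, but malicious address
    Connection(7777, 1500.0, "203.0.113.10", 900 * MB),  # high volume, no injection
]

if __name__ == "__main__":
    print(triage(SAMPLE_INJECTIONS, SAMPLE_CONNECTIONS, SAMPLE_MALICIOUS))
```

In the sample data, PID 4120 is reported for its aggregate volume after injection, PID 5300 for sending data to a listed address, and PID 7777 is not reported because no injection was observed for it.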

Next steps

  • Investigate the process in question.

  • Investigate the Connections that the process has made.

  • Isolate the machine if necessary.