As title.
We are using SEP (Symantec Endpoint Security) 14.3.
The risk file is C:\Windows\Temp\XXXXX\XXXXX.dll
The string XXXXX seems randomly generated, and googling it returns 0 search results. I masked it here because I am not sure if it's safe to post here; I am not sure if it is in fact a unique ID meaningful to the attacker only, in which case it would become some kind of signal that lets an attacker monitoring the Internet know something.
The Symantec alert does not contain much information. It only said the risk is a "Downloader", showed the file path and name (as above) and a SHA-256 hash value, and said SEP already "cleaned" it. That's all. No virus name or reference link. I cannot find any more info about this risk on the Internet.
I checked the Windows event log; it seems like the DLL file was used by a Windows PowerShell script when it called a PowerShell built-in network function. But if it is a Windows built-in DLL, then the folder location C:\Windows\Temp seems weird.
If it does not have a virus name, then is it really a virus?
Or, judging by the risk name "Downloader", is it that SEP simply thinks it's abnormal for a DLL file with such a random name and with a function to download things to exist in C:\Windows\Temp, and hence considers it a risk?
Any advice?