Endpoint Security Complete

SESC - Ops Assessment state - Compromised device

  • 1.  SESC - Ops Assessment state - Compromised device

    Posted Jan 20, 2023 02:46 AM
    A critical alert was generated on the ICDm but then disappeared the next day. Customer wants to know why this alert was generated and wants advice on remediation.
    SESC agent is installed with all components functioning and enabled.
    Workstation: Win 10 Enterprise laptop

    New Compromised Device Found

    Product: Opstate assessment service


    Anyone seen this before?

    I have found some reference to the "8061 - Entity change" event but can't figure out what this means and what to investigate on the machine.

    EDR event detection types and descriptions


  • 2.  RE: SESC - Ops Assessment state - Compromised device

    Posted Apr 27, 2023 09:45 AM

    Hello

    Do you mean something like this?


    I see these sometimes after an agent upgrade.
    This one happened a few minutes ago after the endpoint upgraded from RU6 to RU7 on one of my servers.