#37972 [Blackpoint Cyber] [# 2220938] Re: Bank of Montana [MDR] [No SNAP Agent] [Install SNAP Agent]

Hello Bank of Montana, 
 
Subject: No Agent Notification - Agent Installation Required / Agent Communications Issue
Blackpoint Actions Taken: Notification Only
 
This is not an automated email and was sent by our SOC due to a detection of an event on an endpoint that does not have our agent installed or the agent is currently unable to communicate with the Blackpoint Portal.
 
MDR Alert Details: 
BOM\bomadminAD on 10.231.198.157 remotely executed C:\Windows\System32\winrshost.exe on 10.231.198.52 at Tue Apr 21 2026 17:28:15 GMT+0000 (Coordinated Universal Time)

Attack Source
IP: 10.231.198.157
Hostname:
Domain:
OS:

Target
IP: 10.231.198.52
Hostname: BOM-HV02
Domain: bankofmt.com
OS: Windows Server 2022 Standard 
 
Summary of Action: 
The IP listed in the Attack Source Device details above either does not have a SNAP agent installed or the agent is unable to communicate with the Blackpoint Portal at this time. This endpoint performed a privileged action or had an A/V event and we are unable to fully investigate and triage the endpoint. 
 
We highly recommend installing an agent on the device to ensure full visibility of the environment. If an agent is present, please ensure the endpoint is able to communicate with the Blackpoint Portal. You can find more information about agent communication in our Support Documentation here: https://support.blackpointcyber.com/hc/en-us/articles/24377751762843-Blackpoint-Agent-Requirements
 
If this IP belongs to a VPN pool or the device in question does not support our SNAP Agent installation please email the SOC for a suppression of these types of alerts. If this is a part of a VPN pool range, please email the SOC your range for the VPN to further suppress these types of notifications.
 
If you have any further questions, please feel free to reach out to the Blackpoint SOC.
 
Share your thoughts on our service: Click Here