Posts posted by Robbb

  1. 1 minute ago, russell_t said:

    Thanks for posting this here as well, came here first and didn't see a peep, can also confirm this is happening on multiple Exchange 2010 servers.  Thanks for the spiceworks link!

    No worries. I believe someone else on that SW thread has opened a ticket with ESET, so hopefully they're working on it. I figured putting it here where admins go first would give some visibility. We're an MSP and found this issue on multiple servers - but not all Exchange 2010 servers - no correlation between OS Exchange version - e.g. we have one 2012/Exchange 2010 server with the false alert, and another without, even running the same version of Mail Security and the same v20199 detection engine.

  2. We have been receiving false positives from a dynamic .dll generated by Exchange/IIS for OWA on detection engine 20199. It is occurring on different OSes (2008 R2, SBS2011, 2012), with the common denominator being Exchange 2010 with OWA.

    Threat type: trojan
    Threat name: MSIL/Webshell.C
    Computer name: server.domain.local
    Logged user:

    Object: file:///C:/Windows/Microsoft.NET/Framework64/v2.0.50727/Temporary ASP.NET Files/owa/c60e4757/114626a/App_Web_yvgyrxbc.dll

    This file is generated on the fly when accessing OWA.

    We rolled back to the latest snapshot of the detection engine until this is resolved. Is ESET aware of this issue? Any further info we can provide?

    See this SpiceWorks thread for more reports:

    https://community.spiceworks.com/topic/2237907-threat-found-in-event-viewer-shutting-off-access-to-exchange-via-deletion?page=1#entry-8609072

  3. 11 hours ago, sgrouwstra said:

    I tried to disable "Protected Service" and also tried updating SQL 2012/2014/2016 (on all versions we had this error), but did not help.

    Last week I updated efsw to version 7.0.12018.0, and it appears the error in the event log is gone.

    I only started seeing these errors once upgraded to 7.0.12018.0, so it's not just that.

    Still getting these errors as of 20 mins ago.
