DaveBOpt 0 Posted January 15, 2019 Share Posted January 15, 2019 I've had a warning for HTML/ScrInject.B trojan on https://bid.rxrtb.com with 'no action' What does this mean? ESET has detected a threat but hasn't done anything about it? What's the best practice here? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted January 15, 2019 Administrators Share Posted January 15, 2019 This detection requires the user to select the desired action unless strict cleaning is used. If no action was chosen, the file was only blocked. I would like to ask you to provide me with logs gathered by ESET Log Collector on that machine with also "quarantined files" selected since I was unable to reproduce the detection. Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 15, 2019 Share Posted January 15, 2019 1 hour ago, DaveBOpt said: https://bid.rxrtb.com The web site is not accessible; 404 error - page not found. Link to comment Share on other sites More sharing options...
DaveBOpt 0 Posted January 15, 2019 Author Share Posted January 15, 2019 (edited) 1 hour ago, Marcos said: This detection requires the user to select the desired action unless strict cleaning is used. If no action was chosen, the file was only blocked. I would like to ask you to provide me with logs gathered by ESET Log Collector on that machine with also "quarantined files" selected since I was unable to reproduce the detection. Thanks I'll do this ASAP - machine is in a remote location. Edited January 15, 2019 by DaveBOpt Link to comment Share on other sites More sharing options...
DaveBOpt 0 Posted January 15, 2019 Author Share Posted January 15, 2019 27 minutes ago, itman said: The web site is not accessible; 404 error - page not found. I had the same results. Just checking whether we should be taking any action as best practice. As the user didn't select an option, do you think it's wise to mark as 'Resolved' ? Link to comment Share on other sites More sharing options...
itman 1,659 Posted January 15, 2019 Share Posted January 15, 2019 I will say this. I had a similar browser based HTML detection using EIS last month. I posted on the forum about it because I had two questions. The first was why the log entry for it showed no action taken and the entry was shown in red color. As this: https://forum.eset.com/topic/17986-detected-threat-shows-in-red/?do=findComment&comment=88763 shows, Eset Web Protection which I have the ThreatSense setting set to Normal protection cleaned the threat with no user interaction required. As for no Eset quarantine event being recorded, I assumed this was correct since nothing ever hit the disk to be captured. I am still puzzled why the log event showed no action. As to the red color of the log entry, I never received a response. Link to comment Share on other sites More sharing options...
Recommended Posts