beethoven, posted July 15, 2021:
Using ESET PROTECT Cloud (version: 2.3.5.1) - a few times now I have been alerted via the cloud console about ESET terminating a script scanner (see screenshot). Staff are aware to be careful as to which sites to access, so I am a bit frustrated that this seems to happen for one particular user. From the alert I can see that it was handled by ESET and that it was a Chrome / website use, but is there any way to see which web address "served" the malware? If this happened on a legit site that the user needs to access, I would feel better than thinking he keeps surfing to sites that have nothing to do with work. The Object URI does not tell me much - it might be an ad?

Marcos (Administrators), posted July 15, 2021:
It was crcdn01.adnxs.com which contained the detected adware JS.

beethoven (Author), posted July 15, 2021:
Marcos, thank you, but I think you may have misunderstood. I realise that the above caused ESET to take action, but I do not think that my colleague went to this website intentionally. According to him, he went to a car site, and googling adnxs it seems that Adnxs.com is part of an advertising service that website publishers can use to generate revenue on their sites. Unfortunately, there are malicious programs that are redirecting users to these Adnxs.com ads without the permission of the publisher in order to generate revenue. I think it would be useful to know which website may have been compromised or just used this service, so that if I see the same alert coming through for the same staff member several times I can tell whether this relates to the same site. In that case I would ask him not to access this site from our PC. I don't care if he uses his home PC.

BrianMorris, posted August 5, 2021:
I would imagine that ESET wouldn't know which page loaded this URL. Similar to this, I have these kinds of alerts feed into my PSA via an email alert. I can't find any way to include that URL in the email alert. I think it may be a bug.

Marcos (Administrators), posted August 5, 2021:
Unfortunately the information is not available. It's not a bug. There is a chance that this info could be available in the future, however.

BrianMorris, posted August 5, 2021:
Marcos, I probably wasn't clear enough! Here is an example alert. I want the URI to be included in the email alert. It's not an option to be included in the alert. This is the info that ESET generates (pic).

Marcos (Administrators), posted August 5, 2021:
If you are referring to email notifications sent by Endpoint, I recall there are plans to improve them. You can ask for desired improvements via your local ESET distributor who will then report it further to ESET HQ. The more people request a feature that is reasonable and can be implemented, the higher chance it will be implemented.