MSIL/Webshell.BY on Exchange 2016

[Trooper 65]

This was picked up on my Exchange server by real time file system protection.  Server seems to be ok.  Any way to find out if this is a false positive?  

Thanks in advance.

 

 

[Trooper 65]

In addition, now can I download the file to send for analysis from ESET CLOUD Protect?  The only options I have are to Restore and Delete.  

Thanks!

Edited January 19, 2022 by Trooper

[Marcos 5,074]

The file is no longer detected, so mostly a false positive which was fixed about 35 hours ago.

[Trooper 65]

5 hours ago, Marcos said:

The file is no longer detected, so mostly a false positive which was fixed about 35 hours ago.

Thanks Marcos. I assume I should restore the file then?

[Marcos 5,074]

Just now, Trooper said:

Thanks Marcos. I assume I should restore the file then?

Yes, it's safe to restore it.

[Trooper 65]

Thank you sir.

[Trooper 65]

The restore task failed.  Any reason why it would?

[Marcos 5,074]

Couldn't it be that a file with the same name already exists in the target path?

[Trooper 65]

On 1/19/2022 at 10:24 AM, Marcos said:

Couldn't it be that a file with the same name already exists in the target path?

I did not see it in the path.  For now we are ok, but thought it strange. I was able to however restore the file on the Exchange server directly from within the GUI of ESS.