Jump to content

MSIL/Webshell.BY on Exchange 2016


Go to solution Solved by Marcos,

Recommended Posts

This was picked up on my Exchange server by real time file system protection.  Server seems to be ok.  Any way to find out if this is a false positive?  

Thanks in advance.

 

image.thumb.png.cb4b6c49d5d008db6b23b298e44962b9.png

 

image.png.0e3a9ff28b3f046e66031ed96fe5a001.png

Link to comment
Share on other sites

In addition, now can I download the file to send for analysis from ESET CLOUD Protect?  The only options I have are to Restore and Delete.  

Thanks!

Edited by Trooper
Link to comment
Share on other sites

  • Administrators
  • Solution

The file is no longer detected, so mostly a false positive which was fixed about 35 hours ago.

Link to comment
Share on other sites

5 hours ago, Marcos said:

The file is no longer detected, so mostly a false positive which was fixed about 35 hours ago.

Thanks Marcos. I assume I should restore the file then?

Link to comment
Share on other sites

  • Administrators

Couldn't it be that a file with the same name already exists in the target path?

Link to comment
Share on other sites

On 1/19/2022 at 10:24 AM, Marcos said:

Couldn't it be that a file with the same name already exists in the target path?

I did not see it in the path.  For now we are ok, but thought it strange. I was able to however restore the file on the Exchange server directly from within the GUI of ESS.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...