JxMcGeary, posted January 21, 2022

I ordered a scan of user computers this morning. This turned up:

Malicious file JS/Exploit.JavaDepKit.A was detected on computer (redacted)
Threat type: Trojan
Threat name: JS/Exploit.JavaDepKit.A
Computer name: (redacted)
Logged user: Administrator initiated scan
Time of occurrence: 1/21/22, 1:31:01 PM UTC
Scanner: On-demand scanner
Action performed: Deleted

When I looked it up at https://www.virusradar.com/en/JS_Exploit.JavaDepKit/detail I saw 'detection created 2010, world activity peak 2011, variant dates to 2010'. The file that the scan found was a temp file and was summarily deleted rather than quarantined. I can't find anything that indicates where it came from or what process or site created it.

This is the second time this user has had this detection come up. The previous time was on January 12th and the detected file was much smaller: 148234 bytes as opposed to 1561050 today. Both times, ESET deleted it rather than quarantining it. Both times, ESET informed me that it had never been seen by LiveGrid.

Is this an actual detection, or is the current ESET definition set treating an old piece of code in a temp file as a threat? And is it possible to restore a deletion so that it can be uploaded to ESET for analysis, without causing the protection modules to automatically re-delete the file?

User is on a Windows 10 box. ESET Endpoint Security 9.0.2032.6, ESET Management Agent 9.0.1141.0, Detection Engine 24658 (20220121), ESET Dynamic Threat Defense for Endpoint Security enabled.
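As an added example (not code from the thread or from ESET), a small Python triage script that parses notifications in the run-together format quoted above, groups them per computer and threat, and flags recurrences and cases where every hit was deleted outright so no sample is left to submit. The hostnames and the third record are constructed; the field labels are the ones in the quoted notification.

```python
import re
from collections import defaultdict
from datetime import datetime

# Field labels as they appear in the ESET detection notification quoted in the post above
FIELDS = ["Threat type", "Threat name", "Computer name", "Logged user",
          "Time of occurrence", "Scanner", "Action performed"]
_LABELS = "|".join(re.escape(f) for f in FIELDS)

# Constructed sample notifications: hostnames and the third record are made up; the first
# two mirror the two detections described in the post (January 12 and January 21)
SAMPLE_NOTIFICATIONS = """\
Malicious file JS/Exploit.JavaDepKit.A was detected on computer WS-01 Threat type: Trojan Threat name: JS/Exploit.JavaDepKit.A Computer name: WS-01 Logged user: Administrator initiated scan Time of occurrence: 1/12/22, 9:02:15 AM UTC Scanner: On-demand scanner Action performed: Deleted
Malicious file JS/Exploit.JavaDepKit.A was detected on computer WS-01 Threat type: Trojan Threat name: JS/Exploit.JavaDepKit.A Computer name: WS-01 Logged user: Administrator initiated scan Time of occurrence: 1/21/22, 1:31:01 PM UTC Scanner: On-demand scanner Action performed: Deleted
Malicious file Win32/TestFile.X was detected on computer WS-02 Threat type: Trojan Threat name: Win32/TestFile.X Computer name: WS-02 Logged user: jdoe Time of occurrence: 1/21/22, 2:05:40 PM UTC Scanner: Real-time file system protection Action performed: Cleaned by deleting (quarantined)
"""

def parse_notification(text):
    """Split one run-together notification into fields; each value runs up to the next label."""
    rec = {}
    for key in FIELDS:
        m = re.search(rf"{re.escape(key)}:\s*(.*?)\s*(?=(?:{_LABELS}):|$)", text)
        if m:
            rec[key] = m.group(1)
    # Times are written as m/d/yy, h:mm:ss AM/PM UTC
    rec["when"] = datetime.strptime(rec["Time of occurrence"], "%m/%d/%y, %I:%M:%S %p UTC")
    return rec

def triage(block=SAMPLE_NOTIFICATIONS):
    """Group detections by (computer, threat); flag repeats on one host and groups where
    every hit was deleted outright, leaving no copy to submit for false-positive analysis."""
    groups = defaultdict(list)
    for line in block.splitlines():
        if line.strip():
            r = parse_notification(line)
            groups[(r["Computer name"], r["Threat name"])].append(r)
    findings = []
    for (host, threat), hits in sorted(groups.items()):
        hits.sort(key=lambda r: r["when"])
        findings.append({
            "computer": host,
            "threat": threat,
            "count": len(hits),
            "recurring": len(hits) > 1,
            "days_between_first_and_last": (hits[-1]["when"] - hits[0]["when"]).days,
            "no_sample_retained": all(r["Action performed"] == "Deleted" for r in hits),
        })
    return findings
```

Call `triage()` on the exported notification text; a group that is both recurring and has no sample retained is the case the post describes, where the only remaining route is restoring from quarantine or excluding the path before the next scan.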
Marcos (Administrator), posted January 21, 2022

You can retrieve the file from quarantine and submit it in an archive encrypted with the password "infected" to samples[at]eset.com for a check if you suspect it to be a false positive.
Marcos (Administrator), posted January 21, 2022

I've found 2 files submitted from the product. Did you submit them anonymously by checking this box?
JxMcGeary (author), posted January 21, 2022

I don't recall clicking that option, but I was having some trouble with my connection at the time (I'm working remotely) and may have checked it by mistake in the course of trying to get my options right. My apologies.
Marcos (Administrator), posted January 21, 2022

JxMcGeary said: "I don't recall clicking that option, but I was having some trouble with my connection at the time (I'm working remotely) and may have checked it by mistake in the course of trying to get my options right. My apologies."

I'm asking since quite many users submit samples anonymously and expect a reply at the same time. So I wonder if it's not clear enough that we can't reply to anonymous submissions. As for the samples, I've forwarded them for further analysis.
JxMcGeary (author), posted January 21, 2022

Nah, this was purely accidental. I was going back and forth between two screens and changing a couple of dropdown options, and it resulted in me clicking things I didn't intend to click. It's happened in other apps with tickyboxes, too. Thank you for sending them off for analysis. I look forward to the results.
Marcos (Administrator), posted January 21, 2022 (marked as solution)

False positive was confirmed and the detection removed.
JxMcGeary (author), posted January 21, 2022

Thank you.