Nazwa wykrycia: MSIL/Agent.XCL

[root 1]

Win Server 2012

NEW NOTIFICATION
Detection type: Trojan 
Detection name: MSIL/Agent.XCL 
Computer name: ASCS-SV-01-T110 
Logged in user: ASCS-SV-01-T110\Agnieszka 
Speech time: 19/09/2024, 14:58:58 CEST 
Scanner: Real-time file system protection 
Action taken: Cured by deletion
Detection type: Trojan
Detection name: MSIL/Agent.XCL
Computer name: ASCS SV 01 T110
Logged in user: ASCS SV 01 T110\Agnieszka
Speech time: 19/09/2024, 14:58:58 CEST
Scanner: Real-time file system protection
Action taken: Cured by deletion

after last update, it is when we encrypt using this tool: PDFKey Pro | Unlock PDF files right now

Please note, this tool is being used for 4 years, there were never had problems. Now there is no problem using it on PCs. Problem is only on server

Every time we try to encrypt any pdf file on server, we receive notification. On PC, when we encrypt even the same pdf file, everything is ok, no notification

Note on server 2012 we have current ESET ver installed

 

 

Edited 7 hours ago by root

[itman 1,746]

43 minutes ago, root said:

after last update, it is when we encrypt using this tool: PDFKey Pro | Unlock PDF files right now

It is possible the malicious behavior only manifests on Win Server installations.

Edited 6 hours ago by itman

[itman 1,746]

I downloaded the installer and submitted it to CrowdStrike Falcon sandbox. The scan resulted in a malicious behavior detection: https://www.hybrid-analysis.com/sample/1097b94c48cedd27ccabcab2ea5f84f2b9740c0aafc9f6568dd74027c8a41664/66ec3354f573c272c2000a61 .

Edited 5 hours ago by itman

[Marcos 5,259]

We've removed the detection. The file appears to be clean and is not subject to detection.