root 1 Posted 10 hours ago Share Posted 10 hours ago (edited) Win Server 2012 NEW NOTIFICATION Detection type: Trojan Detection name: MSIL/Agent.XCL Computer name: ASCS-SV-01-T110 Logged in user: ASCS-SV-01-T110\Agnieszka Speech time: 19/09/2024, 14:58:58 CEST Scanner: Real-time file system protection Action taken: Cured by deletion Detection type: Trojan Detection name: MSIL/Agent.XCL Computer name: ASCS SV 01 T110 Logged in user: ASCS SV 01 T110\Agnieszka Speech time: 19/09/2024, 14:58:58 CEST Scanner: Real-time file system protection Action taken: Cured by deletion after last update, it is when we encrypt using this tool: PDFKey Pro | Unlock PDF files right now Please note, this tool is being used for 4 years, there were never had problems. Now there is no problem using it on PCs. Problem is only on server Every time we try to encrypt any pdf file on server, we receive notification. On PC, when we encrypt even the same pdf file, everything is ok, no notification Note on server 2012 we have current ESET ver installed Edited 10 hours ago by root Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted 9 hours ago Share Posted 9 hours ago (edited) 43 minutes ago, root said: after last update, it is when we encrypt using this tool: PDFKey Pro | Unlock PDF files right now It is possible the malicious behavior only manifests on Win Server installations. Edited 9 hours ago by itman Quote Link to comment Share on other sites More sharing options...
itman 1,746 Posted 8 hours ago Share Posted 8 hours ago (edited) I downloaded the installer and submitted it to CrowdStrike Falcon sandbox. The scan resulted in a malicious behavior detection: https://www.hybrid-analysis.com/sample/1097b94c48cedd27ccabcab2ea5f84f2b9740c0aafc9f6568dd74027c8a41664/66ec3354f573c272c2000a61 . Edited 8 hours ago by itman Quote Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,259 Posted 6 hours ago Administrators Solution Share Posted 6 hours ago We've removed the detection. The file appears to be clean and is not subject to detection. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.