Jump to content

Whitelisting "Trojan"


BDeep
 Share

Recommended Posts

  • ESET Insiders

We have a custom inline script that obscures a mail to address but ESET and some other endpoint products are knocking it down. The code is:

                                                  <script type="text/javascript">

                                                                                                <!--

                                                                                                var s="

=b!ujumf>#Fnbjm!Tbsbi#!isfg>#nbjmup;tbsbiAtbsbitjohjoh/dpn#?Tbsbi=0b?";

                                                                                                m=""; for (i=0; i<s.length; i++) m+=String.fromCharCode(s.charCodeAt(i)-1); document.write(m);

                                                                                                //-->

                                                                                </script>

Because we are purposely trying to utilize this javascript, how can we whitelist this?

Machine details of the threat are below:

 

  • [redacted]
  • COMPUTER DESCRIPTION
    John Ball
  • THREAT NAME
    JS/Kryptik.AD
  • THREAT TYPE
    trojan
  • SEVERITY
    Warning
  • OCCURRED
    2016 Jun 2 08:30:18
  • THREAT HANDLED
    Yes
  • RESTART NEEDED
    No
  • ACTION TAKEN
    cleaned by deleting
  • ACTION ERROR
  • OBJECT TYPE
    file
  • OBJECT URI
    [redacted]/test.html
  • CIRCUMSTANCES
    Event occurred on a newly created file.
  • SCANNER
    Real-time file system protection
  • ENGINE VERSION
    13585 (20160602)
  • PROCESS NAME
    C:\Windows\notepad.exe
  • USER NAME
    [redacted]
Edited by BDeep
Link to comment
Share on other sites

  • Administrators

Use an image for instance instead of obfuscation methods similar to what malware authors use.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...