Endpoint Protection

We need to validate if the below details are a legitimate file or not. This was detected by Cynet. If anyone does know we would appreciate your help on what does the below details do

Hi P-nhoy,

Thanks for the post.  I am familiar with Symantec's own EDR but can't speak on behalf of Cynet 360 or and other vendor's product.  Contact them if you believe they have identified a False Positive?

If there is any doubt about whethere or not a script file like C:\\Program Files (x86)\\Symantec\\Symantec Endpoint Protection\\12.1.7004.6500.105\\Bin64\\AVScript13.js is malicious, please submit it to Security Response for analysis.  

Hi P-nhoy,

On the most part it looks like it a clean file as suggested by VirusTotal. See the link below all vendors are saying clean. 

https://www.virustotal.com/gui/file/6216383428eab3292c5590c70d24b33a7d84fbf1c463e331c40f052e6ea356fe/detection

Looks legitimate , you might be using a HI policy that runs a Cscript and that script might be accessing memory

https://www.symantec.com/connect/forums/sdcs-65-symwinprotectioncore-and-sep-1216mp1

hi rafeeq. also the symantec support said that it was when the host intergrity is been enabled in the environment the AV scripts will run from symantec end and the engine details will be stored in this location so this a  symantec file and they are legitimate.
 

Thanks for sharing the info P-nhoy