Endpoint Protection

  • 1.  JS.Adashic!inf found on SEPM

    Posted Jul 28, 2022 02:25 AM
    Edited by Zan Jul 28, 2022 02:34 AM
    Hi,
    Today I received a notification that the SEP management server was infected with JS.Adashic!inf. Since there is no information about this threat, I would like to know what this threat is (I assume it redirects to malicious web sites?) and how it is possible to get infected, since a clean install of SEPM was done a couple of months ago, the server is used only for the management console, and the internet is blocked on the server. Is it possible this is a false positive?
    Thank you and best regards


  • 2.  RE: JS.Adashic!inf found on SEPM

    Posted Jul 28, 2022 03:38 AM
    Hello,

    We have seen this at a customer today as well. Looks like a possible Definition Update gone wrong. No information can be found from my side too. Opening a case now with Broadcom to get clarity.

    Thanks for creating this thread though, now I know that we are not alone.

    Regards,


  • 3.  RE: JS.Adashic!inf found on SEPM

    Posted Jul 28, 2022 09:05 AM
    The detection reported is confirmed to be a false positive, and the detection is updated to prevent further FPs. RR defs Seq#: 20220727.033 & greater resolves the FP.


  • 4.  RE: JS.Adashic!inf found on SEPM

    Posted Jul 29, 2022 09:15 AM
    Hello, is any action required or recommended? Will this be resolved in the next definition update?


  • 5.  RE: JS.Adashic!inf found on SEPM

    Posted Jul 29, 2022 09:21 AM
    The updated AV definition will resolve these malware alerts.


  • 6.  RE: JS.Adashic!inf found on SEPM

    Posted Jul 28, 2022 09:05 AM
    Today we have the same notification:
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.7393.4000.105\Bin\SharedUpdates\#content#TempCache#{03E7C203-78AA-448B-A844-3587B103EE5C}#220726009#xdelta220726009_To_220727023!dax>>Unknown00000000.data>>VIRSCAN9.DAT.DIFF

    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.7393.4000.105\Bin\SharedUpdates\#content#TempCache#{03E7C203-78AA-448B-A844-3587B103EE5C}#220726009#xdelta220726009_To_220727023!dax

    ... and now I see there is no more standard default quarantine folder on our systems

    (%ProgramData%\Symantec\Symantec EndpointProtection\CurrentVersion\Data\Quarantine) ... is that changed with Update to RU4?