Today we have the same notification:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.7393.4000.105\Bin\SharedUpdates\#content#TempCache#{03E7C203-78AA-448B-A844-3587B103EE5C}#220726009#xdelta220726009_To_220727023!dax>>Unknown00000000.data>>VIRSCAN9.DAT.DIFF
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.3.7393.4000.105\Bin\SharedUpdates\#content#TempCache#{03E7C203-78AA-448B-A844-3587B103EE5C}#220726009#xdelta220726009_To_220727023!dax
... and now I see there is no longer a standard default quarantine folder on our systems
(%ProgramData%\Symantec\Symantec EndpointProtection\CurrentVersion\Data\Quarantine) ... has that changed with the update to RU4?
Original Message:
Sent: Jul 28, 2022 02:25 AM
From: Zan Grintov
Subject: JS.Adashic!inf found on SEPM
Hi,
Today I received a notification that the SEP management server was infected with JS.Adashic!inf. Since there is no information about this threat, I would like to know what this threat is (I assume it redirects to malicious web sites?) and how it is possible to get infected, since a clean install of SEPM was done a couple of months ago, the server is used only for the management console, and the internet is blocked on the server. Is it possible this is a false positive?
Thank you and best regards