cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Former Member
Not applicable
Report Inappropriate Content
Message 1 of 12
‎10-31-2018 07:44 AM

Repeatedly receiving alert

Event description: JavaScript or VBScript security violation detected and blocked

Threat type: Trojan

Threat name: JS/Miner.ay

 Received on ePO server: 10/31/18 13:21:09 UTC

 Target file name(s):

Script executed by scrcons.exe

IP address: 10.192.XXXXX

 This message has been created by ePO server XXXXXXXXX

 

 

I have scanned the machine still receiving these alerts, please help to fix the issue.

Labels (2)
Labels
Tags (2)
0 Kudos
Reply
11 Replies
Hawkmoon
Employee
Employee
Report Inappropriate Content
Message 2 of 12
‎10-31-2018 08:49 AM

Re: Repeatedly receiving alert

Hi Ammit,

As a general rule if you are receiving alerts about Malware or any other matter of worth, it is true to say the condition/Malware is still active and needs attention.

I'd suggest a review of the scanner (VSE or ENS) configuration & logs to see if the named device is activity detecting/reporting the matter and action as needed with the help of the ENS/VSE team.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 3 of 12
‎11-01-2018 12:53 AM

Re: Repeatedly receiving alert

Please guide with the steps, i have updated VSE, DAT, agent.

Scanner the machine, still no go.

0 Kudos
Reply
Hawkmoon
Employee
Employee
Report Inappropriate Content
Message 4 of 12
‎11-01-2018 02:12 AM

Re: Repeatedly receiving alert

Hi Ammit,

I'd suggest you call the VSE/ENS support team to speak with one of the enginers so thay can work with you and that point product.

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 5 of 12
‎11-01-2018 04:29 AM

Re: Repeatedly receiving alert

How can i contact the ENS team, I have the console access i am managing ePO.

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 6 of 12
‎11-01-2018 02:54 AM

Re: Repeatedly receiving alert

Hi @Former Member

Those events indicate that  you are seeing a JS/Miner Malware. JS/Miner is a malware family that utilizes JavaScript (JS) either in a browser or via a standalone process (wscript.exe/cscript.exe) to mine crypto-currencies on a target user’s endpoint system. They are normally embedded within websites.

Please review the following threat advisory on this topic - it provides you with some further information on the detection and also mitigation steps: 

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27447/en_US/McAfee_Labs_Threat_Advisory-JS_Coinminer.pdf

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 7 of 12
‎11-01-2018 04:32 AM

Re: Repeatedly receiving alert

How can i fix this issue with the help of ePO console or by accessing the machine.

0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 8 of 12
‎11-01-2018 04:37 AM

Re: Repeatedly receiving alert

Please see my response from earlier, this should help.
0 Kudos
Reply
Former Member
Not applicable
Report Inappropriate Content
Message 9 of 12
‎11-05-2018 03:55 AM

Re: Repeatedly receiving alert

I am from the ENS team, i have the access to console, please help with the steps which i need to perform to fix this issue, its a big pain for recving alerts every now and then.

0 Kudos
Reply
vnaidu
MVP
Report Inappropriate Content
Message 10 of 12
‎11-05-2018 10:59 PM

Re: Repeatedly receiving alert

Hi Ammit,

You may refer the KB article KB81095 and create access protection user defined rules, as this is a java script which can be embedded in most of the websites where is the endusers are not aware. The Access Protection user defined rules could be of much help in your scenario.

 

Venu
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2023 Musarubra US LLC