I have a Server 2008 R2 VM Host with LSI MegaRAID SAS 9260-8i & MegaRAID Storage Manager. I have been scanning the entire network looking for threats, and on this machine Malwarebytes Ver 3.0.6.1469, CompoPag Ver 1.0.75 (FREE ED.) has reported an “Exploit blocked” for Java App behavior, malicious inbound socket. This is in the Reports view; I have attached the export data.
I ran 3 scans on this machine over a week or so and found nothing. I believe this event was automatically found. The MegaRAID Manager requires Java, and I have noted in the past Java.exe connecting to public IPs. I made an inquiry with the card manufacturer but never got anything but a “Ticket Closed Notice”, so I gave up.
MegaRAID Manager will not connect to the host now. It has been working fine. I have not restarted the machine yet as it’s a production VM Host.
I wonder…
How did Malwarebytes block this Java process? Was it a one-time block, or did it change Windows Firewall, or does the free Malwarebytes have one of its own? Did it just kill the Java process, and is a restart required to start it up again?
Is Malwarebytes wrongly detecting the Java actions or do I have a sick server?