Jump to content

Exploit Process Blocked wscript


marka2k
 Share

Recommended Posts

Have one user that I receive around ten reports a day with the following:

Alert Time: 8/17/2016 6:29:50 AM

Server Hostname: XXXXXXXXX

Server Domain/Workgroup: my.company.com Server IP: 172.XXX.XXX.XXX Notification Catalog: Client

Description:

Exploit threat detected, see details below:

 

8/17/2016 6:28:45 AM  IT-12-03                172.XXX.XXX.XXX     Exploit payload process blocked BLOCK                C:\Windows\system32\wscript

 

I have regular scans scheduled and running but nothing else shows up. Did a search in the forum and did not find anything. Looking for ideas please and thank you

 

 

Link to post
Share on other sites

  • Staff

Hello Marka2k!

 

A program opening up wscript is a common way that exploit based attacks are done which is why we are blocking that type of attack. So if you are not sure where it is coming from then it may be a real exploit. However, I want to have you collect me the logs so I can see what is triggering this:

 

https://forums.malwarebytes.org/topic/144403-readme-first-posts-here-need-to-include-mbae-logs/

Thank you,

 

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.