file detection declared as website ??


Juergen
Go to solution Solved by BjelakovicL,

Hello,

here is the report of a file detected as a bad website, maybe because of UNC. Actually the file is part of a kind of ERP software at a customer site.

-Protokolldetails-
Datum des Schutzereignisses: 30.05.22
Uhrzeit des Schutzereignisses: 08:55
Protokolldatei: 7798e2b9-dfe5-11ec-a8f2-4c5262a55fbe.json

-Softwaredaten-
Version: 4.5.9.198
Komponentenversion: 1.0.1689
Version des Aktualisierungspakets: 1.0.55558
Lizenz: Premium

-Systemdaten-
Betriebssystem: Windows 10 (Build 19044.1706)
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Einzelheiten zu blockierten Websites-
Bösartige Website: 1
, \\server-name\WA3DATEN\WA3-ZUSATZ\WA3DOTNET.exe, Blockiert, -1, -1, 0.0.0, ,

-Website-Daten-
Kategorie: Schadsoftware
Domäne:
IP-Adresse:
Port: 80
Typ: Ausgehend
Datei: \\server-name\WA3DATEN\WA3-ZUSATZ\WA3DOTNET.exe

Best regards from Hainburg, Germany

Jürgen Dannoritzer

WA3dotNET.zip

  • 3 weeks later...

Hello,

sorry for creating some confusion.

I had already made an exception for the domain www.update.dietronic.info, which is the internal download site of our ERP system. Then, in addition, I made an exception for the executable wa3dotnet.exe, which calls the website to download some database content.

image.png.50d502f7cd95afa18c39c9d574f4de49.png

For some reason Malwarebytes is still complaining.

image.png.011b8fd5b239aeb488bd3226a7a0734f.png

Could it be the www. before the subdomain which is causing the problem?

Best regards from Hainburg, Germany

Jürgen Dannoritzer

Hello,

as an exception I also entered the IP address, without luck.

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Datum des Schutzereignisses: 22.06.22
Uhrzeit des Schutzereignisses: 22:43
Protokolldatei: fdaa2964-f26b-11ec-ad04-4c5262a55fbe.json

-Softwaredaten-
Version: 4.5.10.200
Komponentenversion: 1.0.1702
Version des Aktualisierungspakets: 1.0.56405
Lizenz: Premium

-Systemdaten-
Betriebssystem: Windows 10 (Build 19044.1766)
CPU: x64
Dateisystem: NTFS
Benutzer: System

-Einzelheiten zu blockierten Websites-
Bösartige Website: 1
, \\FACTSRV03\WA3DATEN\WA3-ZUSATZ\WA3DOTNET.exe, Blockiert, -1, -1, 0.0.0, ,

-Website-Daten-
Kategorie: Trojaner
Domäne: update.dietronic.info
IP-Adresse: 92.60.36.28
Port: 80
Typ: Ausgehend
Datei: \\FACTSRV03\WA3DATEN\WA3-ZUSATZ\WA3DOTNET.exe

 

(end)

Here is the extended list of allowed sites/files/IP addresses.

image.png.d16877ef221b6ef9e851ccfc561e4a00.png

Best regards from Hainburg, Germany

Jürgen Dannoritzer

 
