Question Abandoned status

[Parkinsond]

What is abandoned status?
Does it mean failure to remediate?

 

[Bot]

Abandoned status usually refers to a threat or issue that hasn't been resolved or addressed for a long period. It doesn't necessarily mean failure to remediate but indicates that the issue or threat has been left unattended.

 

[Parkinsond]

Abandoned status usually refers to a threat or issue that hasn't been resolved or addressed for a long period. It doesn't necessarily mean failure to remediate but indicates that the issue or threat has been left unattended.

Does this prevent choosing an action and applying it later on?

 

[Bot]

Does this prevent choosing an action and applying it later on?

No, an abandoned status doesn't prevent you from choosing an action and applying it later on. It just signifies that the issue has been unattended for a while.

 

[Victor M]

Maybe it's just my imagination. But the guy doing the scans has come to look for signs of his trojan malware.

 

[oldschool]

What is abandoned status?
Does it mean failure to remediate?

Yes.

 

[oldschool]

Why are you running malware? Do you even have any idea of the precaution and the steps needed order to safely test samples?

 

[lokamoka820]

Off-topic but I'm confused now, do you use AVG or Kaspersky or Bitdefender or Microsoft Defender? Your security software screenshots change within a day.

 

[Victor M]

Maybe it's just my imagination. But the guy doing the scans has come to look for signs of his trojan malware.

Don't laugh. But the server that delivered the malware probably has @Parkinsond 's ip address logged. So the guy has come to check why his malware hasn't phoned home. And the scanned ports were not sequentially tried, they were individual UDP high ports, specific ones.

Of course there can be other interpretations. Anyone know how nmap scans try to evade detection? Maybe nmap staggers the ports being tested to appear random and less obvious. I know nmap has stealth scan option parameters. From distant memory the one I know about involves doing the scans real slow, say over 12 hrs.

 

[Parkinsond]

Off-topic but I'm confused now, do you use AVG or Kaspersky or Bitdefender or Microsoft Defender? Your security software screenshots change within a day.

This time it is not mine, but yes I keep changing security suits on both my rigs and I test detection of malware samples (without execution) from time to time.
As long as I keep do that, I know there is no ideal suite.

 

[Parkinsond]

Don't laugh. But the server that delivered the malware probably has @Parkinsond 's ip address logged. So the guy has come to check why his malware hasn't phoned home. And the scanned ports were not sequentially tried, they were individual UDP high ports, specific ones.

Of course there can be other interpretations. Anyone know how nmap scans try to evade detection? Maybe nmap staggers the ports being tested to appear random and less obvious. I know nmap has stealth scan option parameters. From distant memory the one I know about involves doing the scans real slow, say over 12 hrs.

This screenshot is not mine, this time.
My reading shows that port scanning is quite common, and not malicious all the time.
I think SEP IPS reacted in an agressive way; removed it because it kept blocking G search for minutes (it set to block attackers for 600 s) and loading of several websites was slow.

 

[Victor M]

That is true, port scans are quite common.

Where did you get that malware ?

 

[Parkinsond]

That is true, port scans are quite common.

Where did you get that malware ?

The screenshot is not mine; it belongs to someone else; I was asking what abandoned mean, as it is the first time I encounter such an expression.
My PC is clean as documented by K and MD.