Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Security
Video Reviews - Security and Privacy
G data IS 2018 vs Ransomwares
Message
<blockquote data-quote="Deleted member 65228" data-source="post: 719410"><p>I don't know, unless we have the samples used to test with anything could have happened. It could have said one thing and not really done what it said, maybe it meant that the script executing under wscript.exe was quarantined.</p><p></p><p>However it does appear based on what the alert is saying that it quarantined a safe Windows process (wscript.exe), this could cause problems depending on the environment should wscript.exe be needed for things. On that note though, if it were to quarantine wscript.exe because of malicious software and unless it did successfully revert everything, the system would likely already be trashed and a re-installation of Windows would be in order for Incident Response policy anyway.</p><p></p><p>It is interesting though, I'd have thought it'd target only the script... Not the windows process as well. Not sure what to think of that. I can see positives of it, but not all scenarios would come from positive from it.</p><p></p><p>Scenario 1.</p><p>1. User gets infected.</p><p>2. Wscript.exe was used and becomes quarantined.</p><p>3. User cleans systems up with on-demand scanners since the threat was from a small actor and wasn't very complicated, can be cleaned properly without re-installation of Windows.</p><p>4. Now wscript.exe is still quarantined (could cause problems down the line, potentially (?))</p><p></p><p>Scenario 2.</p><p>1. Business gets infected.</p><p>2. Wscript.exe was used and becomes quarantined.</p><p>3. There's still traces of malware on the system from the same threat however it requires the script to be executed to continue, it can't since wscript.exe has been quarantined.</p><p>4. The business has a good Incident and Response implementation and formatting and re-installation of Windows will be performed after assessment of the infection and calculations of potential damage, etc. Therefore it no longer matters.</p><p></p><p>Different scenarios with different outcomes decide if it would cause an issue or not, however generally speaking, quarantine a system process... Not a good idea. Could always be a bug though.</p></blockquote><p></p>
[QUOTE="Deleted member 65228, post: 719410"] I don't know, unless we have the samples used to test with anything could have happened. It could have said one thing and not really done what it said, maybe it meant that the script executing under wscript.exe was quarantined. However it does appear based on what the alert is saying that it quarantined a safe Windows process (wscript.exe), this could cause problems depending on the environment should wscript.exe be needed for things. On that note though, if it were to quarantine wscript.exe because of malicious software and unless it did successfully revert everything, the system would likely already be trashed and a re-installation of Windows would be in order for Incident Response policy anyway. It is interesting though, I'd have thought it'd target only the script... Not the windows process as well. Not sure what to think of that. I can see positives of it, but not all scenarios would come from positive from it. Scenario 1. 1. User gets infected. 2. Wscript.exe was used and becomes quarantined. 3. User cleans systems up with on-demand scanners since the threat was from a small actor and wasn't very complicated, can be cleaned properly without re-installation of Windows. 4. Now wscript.exe is still quarantined (could cause problems down the line, potentially (?)) Scenario 2. 1. Business gets infected. 2. Wscript.exe was used and becomes quarantined. 3. There's still traces of malware on the system from the same threat however it requires the script to be executed to continue, it can't since wscript.exe has been quarantined. 4. The business has a good Incident and Response implementation and formatting and re-installation of Windows will be performed after assessment of the infection and calculations of potential damage, etc. Therefore it no longer matters. Different scenarios with different outcomes decide if it would cause an issue or not, however generally speaking, quarantine a system process... Not a good idea. Could always be a bug though. [/QUOTE]
Insert quotes…
Verification
Post reply
Top