Q&A: How to efficiently prevent Defender from considering a given VBS script as containing a threat

LaurentG

Mar 15, 2021
I have just discovered incidentally that cURL is now available in Windows 10.
It is not the latest version, but rev 7.55.1 (November 2017), and this quite old version does not handle as many protocols as the latest version, but it is 100% enough to download a file over HTTP/HTTPS.

I have then replaced the usage of Msxml2.ServerXMLHTTP and ADODB.Stream with a call to cURL.
The script is more "simple" (and everything can be in the same script), and the result is exactly the same... but Defender does not detect the script any more as TrojanDownloader:HTML/Adodb.gen!A :) (y)
 

Andy Ful

Dec 23, 2014
> ...
> I have then replaced the usage of Msxml2.ServerXMLHTTP and ADODB.Stream with a call to cURL.
> The script is more "simple" (and everything can be in the same script), and the result is exactly the same... but Defender does not detect the script any more as TrojanDownloader:HTML/Adodb.gen!A :) (y)

Yes. And there are some more possibilities, too. I use the FirewallHardening tool to block curl and several LOLBins. :)
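
One way to apply the mitigation mentioned in the reply above using the built-in Windows Firewall cmdlets. This is an added example, not part of the thread and not how FirewallHardening itself is implemented. The rule names are constructed for the example, and only curl.exe is listed because the thread names no other binaries.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotent outbound block rules for the Windows-bundled curl.exe.
# Rule display names below are constructed for this example.

# Extend this list with any other binaries you want to deny network access to.
$binaries = @('curl.exe')

# 64-bit Windows ships a second copy under SysWOW64; cover both locations.
$dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

foreach ($dir in $dirs) {
    foreach ($bin in $binaries) {
        $path = Join-Path $dir $bin
        if (-not (Test-Path -LiteralPath $path)) { continue }   # binary not present here

        $name = "Block outbound - $path"
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            Write-Host "exists : $name"
            continue                                            # do not create duplicates
        }

        New-NetFirewallRule -DisplayName $name `
                            -Direction Outbound `
                            -Program $path `
                            -Action Block `
                            -Profile Any | Out-Null
        Write-Host "created: $name"
    }
}

# Verify: list the rules and the program path each one is bound to.
Get-NetFirewallRule -DisplayName 'Block outbound - *' | ForEach-Object {
    [pscustomobject]@{
        Rule    = $_.DisplayName
        Enabled = $_.Enabled
        Action  = $_.Action
        Program = ($_ | Get-NetFirewallApplicationFilter).Program
    }
}
```

These rules match on the program path, so a copy of curl.exe placed in another directory is not covered by them.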
 