Advice Request: How to efficiently prevent Defender from considering a given VBS script as containing a threat


LaurentG

Level 1
Thread author
Mar 15, 2021
26
I have just discovered incidentally that cURL is now available in WIN10.
It is not the latest version, but rev 7.55.1 (November 2017), and this quite old version does not manage as many protocols as the latest version, but it is 100% enough to download a file over http/https.

I have then replaced the usage of Msxml2.ServerXMLHTTP and ADODB.Stream with a call to cURL.
The script is more "simple" (and everything can be in the same script), and the result is exactly the same... but Defender does not detect the script any more as TrojanDownloader:HTML/Adodb.gen!A :)(y)
 

Andy Ful

From Hard_Configurator Tools
Verified
Honorary Member
Top Poster
Developer
Well-known
Dec 23, 2014
8,040
...
I have then replaced the usage of Msxml2.ServerXMLHTTP and ADODB.Stream with a call to cURL.
The script is more "simple" (and everything can be in the same script), and the result is exactly the same... but Defender does not detect the script any more as TrojanDownloader:HTML/Adodb.gen!A :)(y)
Yes. And there are some more possibilities, too. I use the FirewallHardening tool to block curl and several LOLBins. :)
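
Blocking outbound traffic for curl and other LOLBins, as mentioned in the reply above, can be done with Windows Defender Firewall program rules. The PowerShell below is an added example, not part of the thread and not the FirewallHardening tool's own code; the binary list and the rule group name are assumptions chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: create outbound block rules for curl.exe and a few other
# in-box binaries that can fetch or run remote content.
# ASSUMPTION: this list is illustrative, not the FirewallHardening tool's list.
$binaries = @('curl.exe', 'certutil.exe', 'bitsadmin.exe',
              'mshta.exe', 'wscript.exe', 'cscript.exe')

# Cover both the 64-bit and the 32-bit (WOW64) copies of each binary.
$folders = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")

# Hypothetical group name, used to list or remove these rules together later.
$group = 'LOLBin outbound block (example)'

foreach ($folder in $folders) {
    foreach ($bin in $binaries) {
        $path = Join-Path $folder $bin

        # Skip binaries that are not present on this Windows build.
        if (-not (Test-Path -LiteralPath $path)) { continue }

        # Make the script idempotent: do not create duplicate rules.
        $name = "Block outbound: $path"
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            continue
        }

        New-NetFirewallRule -DisplayName $name `
                            -Group $group `
                            -Direction Outbound `
                            -Program $path `
                            -Action Block `
                            -Profile Any | Out-Null
    }
}

# Show which program paths are now covered by the rule group.
Get-NetFirewallRule -Group $group |
    Get-NetFirewallApplicationFilter |
    Select-Object -ExpandProperty Program
```

These rules match on program path, and blocking wscript.exe and cscript.exe also stops legitimate scripts that download files, so test the list against the scripts you rely on. `Remove-NetFirewallRule -Group 'LOLBin outbound block (example)'` removes the whole set.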
 
