Advice Request How to prevent efficiently Defender from considering a given VBS script as containing a threat

Please provide comments and solutions that are helpful to the author of this topic.
I have just discovered incidently that cURL is now available in WIN10.
It is not the latest version, but rev 7.55.1 (November 2017), and this quite old version do not manage as many protocols as the latest version, but is 100% enough to download a file in http/https

I have then replaced usage of Msxml2.ServerXMLHTTP and ADODB.Stream by call of cURL.
The script is more "simple" (and everything can be in the same script), and the result is exactly the same... but Defender do not detect the script any more as TrojanDownloader:HTML/Adodb.gen!A :)(y)
 
  • Like
  • Applause
Reactions: oldschool, Gandalf_The_Grey and Andy Ful
LaurentG said:
...
I have then replaced usage of Msxml2.ServerXMLHTTP and ADODB.Stream by call of cURL.
The script is more "simple" (and everything can be in the same script), and the result is exactly the same... but Defender do not detect the script any more as TrojanDownloader:HTML/Adodb.gen!A :)(y)
Click to expand...
Yes. And there are some more possibilities, too. I use FirewallHardening tool to block curl and several LOLBins.:)
 
  • Like
Reactions: oldschool, mkoundo and Gandalf_The_Grey

You may also like...