"wscript.exe" Still Blocked After Added To Exception List. Any Advice?
Dear All,
Before asking here I have checked previous similar issues and the solution doesn't fully work.
I have a logon ****** that configures the network drives and other resources (for a wstation part of AD). However, even after adding wscript.exe process to the exception list, BD is blocking it, as per the following messages:
"Advanced Threat Control has blocked a process that has been detected as malicious. Process path: C:\Windows\System32\wscript.exe. Threat name: ATC.SuspiciousBehavior.9810910D5E7A6B5C" (at 13.54)
After the message, I have deleted the line from the exception list and add-it again. Sign out and then sign in and it worked.
But, at the restart, at 13.59, again, it was blocked:
"Advanced Threat Control has blocked a process that has been detected as malicious. Process path: C:\Windows\System32\wscript.exe. Threat name: ATC.SuspiciousBehavior.9810910D138A87B6".
The logon.vbs ****** is the same, no modification. I don't know why it is detecting a different threat. Why after altering the exception list with exact the same process, it does allow it's run, and after restart it doesn't.
Thank you very much for your help into this.
Best Answer
-
The detection is a false positive since wscript is a legitimate microsoft file. More information about wsscript can be found in below stated microsoft link.
https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/wscript
Share the file with malware researchers by filling up the forum in below stated link
https://www.bitdefender.com/consumer/support/answer/29358/
The detection should be removed in maximum of 72 hours.
Also, since it is a Advanced Threat Control (ATC) detection, the product in question might be related to bitdefender business product since ATC is a part of business product and not the consumer based product. As far as I know, you will not be able to generate the BDsysLog since it only works for consumer products and not for business products.
@Alexandru_BD or @Mike_BD can provide more information on Advanced Threat Control (ATC) and if this holds true for business product they will move your post to business category.
More information about Advanced Threat Control (ATC) can be found in below stated article.
https://www.bitdefender.com/business/support/en/77212-92697-advanced-threat-control.html
https://businessresources.bitdefender.com/solutionbrief-advanced-threat-control
You can also contact the bitdefender business support by visiting https://www.bitdefender.com/support/contact-us.html?last_page=BusinessCategory
Also, @Alex_Dr can also have a look at this post to share any information regarding this.
Regards
Life happens, Coffee helps!
Show your Attitude, when you reach that Altitude!
Bitdefender Ultimate Security Plus (user)
1
Answers
-
Hello.
Only the malware researchers at Bitdefender Lab can help you with the issue, so do the steps below.
First, take screenshot(s) of the issue,
create a log file on your Windows device using Bitdefender Support Tool, by following these steps:
and
create a log file on your Windows device using BDsysLog, by following these steps:
Next, contact Bitdefender Consumer Support by e-mail:
with short description of the issue.
After that, you will get an automated reply by the Bitdefender Customer Care Team, with your ticket number.
Now, in reply to that automated reply, you can send the screenshot(s) you already took and the log files you already created in the first step.
Since you are all done, just wait for the support engineers to investigate your issue and find a solution to fix the issue.
Remember that the screenshot(s) and the log files will help a lot to the support engineers for better and faster investigation on your issue and finding a solution.
Regards.
0
