MECM - rundll32 and Illusion.Jaguar.28.10BA4514.1B.3020200

Hi,

We use Microsoft Endpoint Configuration Manager (MECM).

In our Bitdefender Gravity Zone I have enabled "Microsoft Configuration Manager" under "Vendor and product exclusions > Custom".

Last Friday I upgraded our MECM to version 2309.

Since Saturday Bitdefender Gravity Zone has been sending Hyper-Detect-Alerts regarding found malware.

Name of the malware: Illusion.Jaguar.28.10BA4514.1B.3020200

Infected file: rundll32.exe

SHA256 hash: N/A

Command line: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" PolicyAgentProvider.dll,Setup_CheckNamespaces

And:

Command line: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" PolicyAgentEndpoint.dll,Setup_InitializePolicy

Is it necessary to add any "In-policy exclusions"?

(e.g. regarding Configuration Manager folders on clients, like ccmcache, ccm or ccmsetup)

Best regards,

bolkony

Find more posts tagged with

Accepted answers

All comments

Gjoksi

Hello.

Since you need help with business product, @Andrei_S Enterprise (who provides support for business products) could take a look here and help you with the issue.

Also, you can always contact the Bitdefender business support:

https://www.bitdefender.com/business/support/en/71263-85158-contact.html

Regards.

Andrei_S Enterprise

Hello @bolkony ,

We will need a Support Tool and a bdsyslog in order for our Lab team to review the detection.

Based on this we will be able to provide an appropriate solution for your case.

Please open a support case with our Enterprise Support Team and provide the following files:

https://www.bitdefender.com/business/support/en/71263-120873-using-the-bdsyslog-scanning-tool.html#UUID-568901e3-e081-f00a-c24b-6e59e2e444de

https://www.bitdefender.com/business/support/en/71263-120873-using-the-bdsyslog-scanning-tool.html

Kind Regards,