Enterprise Security

MECM - rundll32 and Illusion.Jaguar.28.10BA4514.1B.3020200

edited December 2023 in Enterprise Security

Hi,

We use Microsoft Endpoint Configuration Manager (MECM).

In our Bitdefender Gravity Zone I have enabled "Microsoft Configuration Manager" under "Vendor and product exclusions > Custom".

Last Friday I upgraded our MECM to version 2309.

Since Saturday Bitdefender GravityZone has been sending HyperDetect alerts regarding found malware.

Name of the malware: Illusion.Jaguar.28.10BA4514.1B.3020200

Infected file: rundll32.exe

SHA256 hash: N/A

Command line: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" PolicyAgentProvider.dll,Setup_CheckNamespaces

And:

Command line: C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" PolicyAgentEndpoint.dll,Setup_InitializePolicy

Is it necessary to add any "In-policy exclusions"?

(e.g. regarding Configuration Manager folders on clients, like ccmcache, ccm or ccmsetup)

Best regards,

bolkony
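Added example, not from the original post nor from Bitdefender or Microsoft: a small triage helper that parses rundll32 command lines like the two quoted above, pulls out the DLL and entry point, and compares them with a baseline of expected Configuration Manager client invocations, so that any exclusion can be scoped to a specific DLL/export pair instead of whole folders such as ccmcache. The allowlist and sample command lines are constructed from the post; the function names are this example's own.

```python
import ntpath
import re

# Baseline of ConfigMgr client rundll32 invocations taken from the alerts above.
# Constructed for this example; extend it from your own post-upgrade baseline.
KNOWN_CCM_RUNDLL = {
    ("policyagentprovider.dll", "setup_checknamespaces"),
    ("policyagentendpoint.dll", "setup_initializepolicy"),
}

# Constructed sample command lines (the first two are the ones from the post).
SAMPLE_CMDLINES = [
    r'C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" PolicyAgentProvider.dll,Setup_CheckNamespaces',
    r'C:\Windows\System32\rundll32.exe "C:\Windows\System32\rundll32.exe" PolicyAgentEndpoint.dll,Setup_InitializePolicy',
    r'C:\Windows\System32\rundll32.exe C:\Users\Public\unknown.dll,DllMain',
]


def split_args(cmdline):
    """Minimal Windows-style tokenizer: whitespace separates, double quotes group."""
    return [tok.strip('"') for tok in re.findall(r'"[^"]*"|\S+', cmdline)]


def parse_rundll32(cmdline):
    """Return (dll_basename, export) in lower case, or None if not a rundll32 call."""
    args = split_args(cmdline)
    if not args or not args[0].lower().endswith("rundll32.exe"):
        return None
    # rundll32 is sometimes handed its own path as the first argument; skip it.
    rest = [a for a in args[1:] if not a.lower().endswith("rundll32.exe")]
    if not rest:
        return None
    dll, _, export = rest[0].partition(",")
    return ntpath.basename(dll).lower(), export.lower()


def classify(cmdline):
    """'known-ccm' for baselined invocations, 'review' for anything else."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return "not-rundll32"
    return "known-ccm" if parsed in KNOWN_CCM_RUNDLL else "review"


def triage(cmdlines):
    """Map each command line to its verdict so only 'review' items need a look."""
    return {c: classify(c) for c in cmdlines}


if __name__ == "__main__":
    for cmd, verdict in triage(SAMPLE_CMDLINES).items():
        print(f"{verdict:12} {cmd}")
```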
