03-28-2022 10:08 PM
I run an open source project, and I recently had a user contact me to let me know that Cisco Security Endpoint is detecting the JS:Trojan.Cryxos.8744 trojan on my website. I've scoured the site/server with numerous CLI virus and malware scanners, as well as numerous remote scanners, and absolutely nothing is being detected. I've also looked through the server and I'm unable to find any issues.
Is there anywhere I can submit my site with Cisco to have it analyzed, or is there someone I can contact to get further information about what's being detected and where?
03-30-2022 08:22 AM
Hello @gregLTS ,
i assume that the customer downloaded something from your website (browsing/download file) where Secure Endpoint is detecting something. Would be great having the SHA256 of the detected file, so we can take a deeper look.
Greetings, Thorsten
04-09-2022 04:02 PM - edited 04-09-2022 04:15 PM
The user said they weren't downloading anything when the alert popped up, just visiting the homepage using Firefox. I've included the sha256 of the homepage below. I do also have a single download file offered on the site, so I've included the sha256 for it as well just in case.
Homepage: 5da911b41310e76687a8a4bc1fb9ba8b2a06d3231f4e35df541eccb3a668c65f
Download File: 1aeabcdbc74855b76820c68d95be238bea5401aeb34307c705cc2b4df8ee3eab
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide