cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Ammit
Level 8
Report Inappropriate Content
Message 1 of 12

Repeatedly receiving alert

Event description: JavaScript or VBScript security violation detected and blocked

Threat type: Trojan

Threat name: JS/Miner.ay

 Received on ePO server: 10/31/18 13:21:09 UTC

 Target file name(s):

Script executed by scrcons.exe

IP address: 10.192.XXXXX

 This message has been created by ePO server XXXXXXXXX

 

 

I have scanned the machine still receiving these alerts, please help to fix the issue.

Labels (2)
Tags (2)
11 Replies
McAfee Employee Hawkmoon
McAfee Employee
Report Inappropriate Content
Message 2 of 12

Re: Repeatedly receiving alert

Hi Ammit,

As a general rule if you are receiving alerts about Malware or any other matter of worth, it is true to say the condition/Malware is still active and needs attention.

I'd suggest a review of the scanner (VSE or ENS) configuration & logs to see if the named device is activity detecting/reporting the matter and action as needed with the help of the ENS/VSE team.

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Ammit
Level 8
Report Inappropriate Content
Message 3 of 12

Re: Repeatedly receiving alert

Please guide with the steps, i have updated VSE, DAT, agent.

Scanner the machine, still no go.

McAfee Employee Hawkmoon
McAfee Employee
Report Inappropriate Content
Message 4 of 12

Re: Repeatedly receiving alert

Hi Ammit,

I'd suggest you call the VSE/ENS support team to speak with one of the enginers so thay can work with you and that point product.

 

Was my reply helpful?

If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Ammit
Level 8
Report Inappropriate Content
Message 5 of 12

Re: Repeatedly receiving alert

How can i contact the ENS team, I have the console access i am managing ePO.

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 6 of 12

Re: Repeatedly receiving alert

Hi @Ammit

Those events indicate that  you are seeing a JS/Miner Malware. JS/Miner is a malware family that utilizes JavaScript (JS) either in a browser or via a standalone process (wscript.exe/cscript.exe) to mine crypto-currencies on a target user’s endpoint system. They are normally embedded within websites.

Please review the following threat advisory on this topic - it provides you with some further information on the detection and also mitigation steps: 

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/27000/PD27447/en_US/...

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Ammit
Level 8
Report Inappropriate Content
Message 7 of 12

Re: Repeatedly receiving alert

How can i fix this issue with the help of ePO console or by accessing the machine.

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 8 of 12

Re: Repeatedly receiving alert

Please see my response from earlier, this should help.
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Ammit
Level 8
Report Inappropriate Content
Message 9 of 12

Re: Repeatedly receiving alert

I am from the ENS team, i have the access to console, please help with the steps which i need to perform to fix this issue, its a big pain for recving alerts every now and then.

Reliable Contributor vnaidu
Reliable Contributor
Report Inappropriate Content
Message 10 of 12

Re: Repeatedly receiving alert

Hi Ammit,

You may refer the KB article KB81095 and create access protection user defined rules, as this is a java script which can be embedded in most of the websites where is the endusers are not aware. The Access Protection user defined rules could be of much help in your scenario.

 

Venu
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community