topic jusched.exe flagged as Threat by Behavioural Threat Protection in Cortex XDR Discussions

jusched.exe flagged as Threat by Behavioural Threat Protection

RobertoPastorino — Thu, 09 Nov 2023 09:40:05 GMT

We are flooded by alerts from jusched.exe being flagged as Threat by Behavioural Threat Protection.

Are exclusions the only way out to resolve?

Re: jusched.exe flagged as Threat by Behavioural Threat Protection

neelrohit — Thu, 09 Nov 2023 15:02:42 GMT

Thank you for writing to live community!

Exceptions should allow you to stop these prevention events from triggering the action. Also, if you thing that this is a false positive, then you even have a capability to get granular whitelisting by the help of Content Updates in next release. follow the steps below:

Create an alert exception on a profile where the affected endpoint is attached to a policy. Right click on alert > create alert exception.
Now, right click on alert again and retrieve the alert dump data for the prevention event. Right click > Retrieve Additional Data> Retrieve Alert data. The alert dump should be collected in the action center
Open a support case mentioning it as a security incident and for investigation to see if it can be whitelisted in a content update and attach the dump file to the case.
Upon closer look and investigation and if deemed fit for global content whitelisting, the support team should confirm the content update which should resolve this issue.
Wait for the CU to be released and fetched by the endpoint and post that you can remove your created exception. The event should not be generated even without the exception after that.

Hope this helps!

Please mark the response as "Accept as Solution" if it answers your query.

Re: jusched.exe flagged as Threat by Behavioural Threat Protection

abdrahman — Thu, 09 Nov 2023 15:42:52 GMT

Dear @RobertoPastorino ,

Hope you are doing well. Thank you for reaching out to Live Community. I understand that this particular exe is getting detected by cortex XDR as behavioral threat. If you believe this is a legitimate application and is not detected falsely then we can create an exclusion for it.

Also, you can create a support ticket and work with our support team and they will be happy to get the exe assisted and whitelist it globally. Thank you.

If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.

Re: jusched.exe flagged as Threat by Behavioural Threat Protection

adminglu — Fri, 10 Nov 2023 08:12:57 GMT

We are seeing the same alerts on Java updater jusched.exe. It started on the 9th of November:

Behavioral threat detected (rule: other.malware_gen_mutex.zwzin)