jusched.exe flagged as Threat by Behavioural Threat Protection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

jusched.exe flagged as Threat by Behavioural Threat Protection

We are flooded by alerts from jusched.exe being flagged as Threat by Behavioural Threat Protection.

Are exclusions the only way out to resolve?

3 REPLIES 3

L5 Sessionator

Hi @RobertoPastorino ,

 

Thank you for writing to live community!

 

Exceptions should allow you to stop these prevention events from triggering the action. Also, if you thing that this is a false positive, then you even have a capability to get granular whitelisting by the help of Content Updates in next release. follow the steps below:

  1. Create an alert exception on a profile where the affected endpoint is attached to a policy. Right click on alert > create alert exception.
  2. Now, right click on alert again and retrieve the alert dump data for the prevention event. Right click > Retrieve Additional Data> Retrieve Alert data. The alert dump should be collected in the action center
  3. Open a support case mentioning it as a security incident and for investigation to see if it can be whitelisted in a content update and attach the dump file to the case.
  4. Upon closer look and investigation and if deemed fit for global content whitelisting, the support team should confirm the content update which should resolve this issue. 
  5. Wait for the CU to be released and fetched by the endpoint and post that you can remove your created exception. The event should not be generated even without the exception after that.

Hope this helps!

 

Please mark the response as "Accept as Solution" if it answers your query.

L3 Networker

Dear @RobertoPastorino , 

 

Hope you are doing well. Thank you for reaching out to Live Community. I understand that this particular exe is getting detected by cortex XDR as behavioral threat. If you believe this is a legitimate application and is not detected falsely then we can create an exclusion for it. 

 

Also, you can create a support ticket and work with our support team and they will be happy to get the exe assisted and whitelist it globally. Thank you. 

 

If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.

 

L1 Bithead

We are seeing the same alerts on Java updater jusched.exe. It started on the 9th of November:

 

Behavioral threat detected (rule: other.malware_gen_mutex.zwzin)

  • 670 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!