This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

jusched.exe flagged as Threat by Behavioural Threat Protection

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

jusched.exe flagged as Threat by Behavioural Threat Protection

RobertoPastorino
L2 Linker

‎11-09-2023 01:40 AM

We are flooded by alerts from jusched.exe being flagged as Threat by Behavioural Threat Protection.

Are exclusions the only way out to resolve?

3 people had this problem.
3 REPLIES 3

neelrohit
L5 Sessionator

‎11-09-2023 07:02 AM

Hi @RobertoPastorino ,

 

Thank you for writing to live community!

 

Exceptions should allow you to stop these prevention events from triggering the action. Also, if you thing that this is a false positive, then you even have a capability to get granular whitelisting by the help of Content Updates in next release. follow the steps below:

  1. Create an alert exception on a profile where the affected endpoint is attached to a policy. Right click on alert > create alert exception.
  2. Now, right click on alert again and retrieve the alert dump data for the prevention event. Right click > Retrieve Additional Data> Retrieve Alert data. The alert dump should be collected in the action center
  3. Open a support case mentioning it as a security incident and for investigation to see if it can be whitelisted in a content update and attach the dump file to the case.
  4. Upon closer look and investigation and if deemed fit for global content whitelisting, the support team should confirm the content update which should resolve this issue. 
  5. Wait for the CU to be released and fetched by the endpoint and post that you can remove your created exception. The event should not be generated even without the exception after that.

Hope this helps!

 

Please mark the response as "Accept as Solution" if it answers your query.

0 Likes Likes

abdrahman
L3 Networker

‎11-09-2023 07:42 AM

Dear @RobertoPastorino , 

 

Hope you are doing well. Thank you for reaching out to Live Community. I understand that this particular exe is getting detected by cortex XDR as behavioral threat. If you believe this is a legitimate application and is not detected falsely then we can create an exclusion for it. 

 

Also, you can create a support ticket and work with our support team and they will be happy to get the exe assisted and whitelist it globally. Thank you. 

 

If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.

 

0 Likes Likes

adminglu
L1 Bithead

‎11-10-2023 12:12 AM

We are seeing the same alerts on Java updater jusched.exe. It started on the 9th of November:

 

Behavioral threat detected (rule: other.malware_gen_mutex.zwzin)

  • 787 Views
  • 3 replies
  • 1 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks