07-30-2024 06:17 AM
| Field | Value |
|---|---|
| Threat Type | ml-virus |
| Threat ID/Name | Malicious MSOffice Files |
| ID | 599806 (View in Threat Vault) |
| Category | malicious-msoffice |
| Content Version | AppThreat-8875-8875 |
| Severity | medium |
| Repeat Count | 1 |
| File Name | AcrobatDCx64Manifest3.msi |
| URL | |
| Partial Hash | 108178206800356620 |
| Destination | 23.200.196.138 |
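As an added example (written by the editor, not part of the original post and not Palo Alto Networks code): the TCP payload in the original post's packet capture starts with the bytes d0cf11e0a1b11ae1, the magic of Microsoft's Compound File Binary (OLE2) container, which is the on-disk format shared by Office 97-2003 documents and Windows Installer .msi packages such as the one named in the log. The parser below decodes and validates the fixed CFB header from a constructed sample assembled to match the header fields in that capture, which is how a defender can confirm what container type a detection like this one was actually looking at.

```python
import struct

CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
ENDOFCHAIN = 0xFFFFFFFE  # "no more sectors" marker in a sector chain
FREESECT = 0xFFFFFFFF    # unused DIFAT/FAT slot

# Constructed sample (assembled by the editor): the first 88 bytes of the
# TCP payload from the capture in the original post, which begin with the
# CFB magic. Everything after the header is omitted.
SAMPLE_PAYLOAD = bytes.fromhex(
    "d0cf11e0a1b11ae1" + "00" * 16                   # magic, all-zero CLSID
    + "3e00" + "0300" + "feff" + "0900" + "0600"      # minor/major ver, BOM, shifts
    + "00" * 6                                       # reserved
    + "00000000" + "01000000" + "01000000" + "00000000"  # dir/FAT counts, first dir, txn
    + "00100000" + "03000000" + "02000000"           # mini cutoff, first minifat, count
    + "feffffff" + "00000000"                        # first DIFAT sector, DIFAT count
    + "00000000" + "ffffffff" * 2                    # DIFAT[0..2]: FAT lives in sector 0
)

# Fixed 76-byte little-endian header, followed by the 109-entry DIFAT array.
HEADER_FMT = "<8s16sHHHHH6sIIIIIIIII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 76

def parse_cfb_header(data: bytes) -> dict:
    """Validate and decode the CFB header at the start of `data`.
    Raises ValueError if the bytes are not a well-formed CFB container."""
    if len(data) < HEADER_LEN + 4:
        raise ValueError("truncated CFB header")
    (magic, _clsid, minor, major, bom, sect_shift, mini_shift, _rsv,
     n_dir, n_fat, first_dir, _txn, cutoff, first_minifat, n_minifat,
     first_difat, n_difat) = struct.unpack_from(HEADER_FMT, data, 0)
    if magic != CFB_MAGIC:
        raise ValueError("not a CFB container (magic mismatch)")
    if bom != 0xFFFE:
        raise ValueError("unexpected byte-order mark")
    # v3 uses 512-byte sectors, v4 4096-byte; mini sectors are always 64 bytes
    if (major, sect_shift) not in ((3, 9), (4, 12)) or mini_shift != 6:
        raise ValueError("version/sector-size mismatch")
    first_fat = struct.unpack_from("<I", data, HEADER_LEN)[0]  # DIFAT[0]
    return {
        "major_version": major, "minor_version": minor,
        "sector_size": 1 << sect_shift, "mini_sector_size": 1 << mini_shift,
        "dir_sector_count": n_dir, "fat_sector_count": n_fat,
        "first_dir_sector": first_dir, "mini_stream_cutoff": cutoff,
        "first_minifat_sector": first_minifat, "minifat_sector_count": n_minifat,
        "first_difat_sector": first_difat, "difat_sector_count": n_difat,
        "first_fat_sector": first_fat,
    }

def is_cfb_container(data: bytes) -> bool:
    """True when `data` carries a valid CFB header (legacy Office files and
    .msi packages both use it, so the container alone does not identify the type)."""
    try:
        parse_cfb_header(data)
        return True
    except ValueError:
        return False
```

For the sample this reports a version 3 container with 512-byte sectors, the FAT in sector 0 and the directory in sector 1, which is consistent with an ordinary compound file rather than a corrupted or spoofed header.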
09-09-2024 05:15 PM
You can manually or semi-automatically whitelist the alert using 1 of 2 different methods:
The semi-automatic method:
Go to Monitor->Logs->Threat and look at the threat logs. Hover over the ThreatID/Name of the signature you want to whitelist and click the small drop-down arrow that appears at the end of the name. It will give you an option for "Exception", which takes you to a screen to exempt that signature (the exact screen depends on whether it is an AV, Anti-Spyware, etc. signature). Add the exemption to the appropriate profiles and save/commit.
The manual method:
Go to Monitor->Logs->Threat and click details on a detected threat you want to whitelist. Note the Threat ID number in the Details section. Determine if it is an AV, Anti-Spyware, etc. type signature. Go to the appropriate signature-type profile under Objects->SecurityProfiles->[signature-type] and select the profile for the whitelist. In the profile, select the Signature Exceptions tab and add the Threat ID number you noted earlier. (Note: In some profile types you need to click the "Show all signatures" checkbox and then filter/search by name/ID number to locate the signature, then select it as an exception.)