Channel: Symantec Connect - Endpoint Protection - Discussions

Why does SEP not detect a one-year-old malware while other products do?

I do not need a solution (just sharing information)

Hello,

We were impacted by a malware earlier this week and sent the file involved to Symantec. It has now been added as a new threat, but the report I received mentions that the malware/virus was already known by a lot of other aliases (Script.Virus (DrWeb), Worm.Script (Kaspersky), JS.Kryptic.AVA (Eset), KS/Bondat.I (McAfee), JS_EXJAYSEE.SMA (Trend) MS). They all detect the script and prevent it from running.

On our W10 machines with SEP 12.1.6 and the latest definitions, the script can be run without any issues at all. Uninstalling SEP and then double-clicking on the JSE file gives a Windows Defender popup saying that the script is malicious and cannot be executed. It properly quarantines the file.

Why wasn't this already in the definition files from Symantec, so we would never have run into the issue in the first place?

Does it happen a lot that known viruses/malware need to be uploaded to the threat center of Symantec? This should not be the case for this file, I think, as it was not a new threat. As far as we could tell, the malware is from last year.

Now we had the hassle of wiping a few laptops and restoring files on the fileservers (and scanning all shares for JSE files).

Best regards,

Sven
