![]() It’s possible some unconfirmed files may get triggered in the GUI as infected on some scans, but it’s what is displayed at the end of the that really matters and determines whether you’re dealing with a possible infections. ![]() As a Microsoft employee hopefully he can give us more info soon.ĮDIT4: Response from Zero03 (Microsoft Employee in this thread):Īs long as the end of the scan shows everything is good, everything is good. For example: Windows R windir\system32\mrt. 3 To run it manually at other times, users can use the Windows Command Prompt or Run command via the Start Menu or the Windows R key, and then start 'mrt.exe'. Spun up a clean VM, ran MSERT - no "files infected".Ĭopied the Exchange 2019 Cumulative Update 8 ISO file onto the VM, ran MSERT and moments after it started scanning the ISO it marked 2 "files infected"ĮDIT3: Please keep an eye on zero03's replies in the thread. The tool records its results in a log file located at windir\debug\mrt.log. It seems like the latest MSERT is detecting false positives but the more people to confirm, the better.ĮDIT2: Well, confirmed. I've been freaking physically ill from the stress and uncertainty for days now.Īnyone else see this weird behaviour with the latest MSERT?ĮDIT: Anyone running into the same behaviour, please check the comments. ![]() I'm running the scan again now to see what happens but I'm just so done with all of this. Literally nothing on the Exchange server has changed except that I've downloaded some baselines from Microsoft's own Git to run the CompareExchangeHashes.ps1 script. The scan completes and it says completed successfully and no viruses found. I also manually check for webshells, both come up clean except for 1 Autodiscover probe on 3-3 I already knew about. Meanwhile I check Test-ProxyLogon to verify there have been no additional probes. So my stomach drops and I wait for the scan to finish so I can see which files are infected. It's always come back clean but now suddenly mid-scan it displays "Files infected: 7". The file is saved in the same folder where the HealthChecker.ps1 script is located. As in, I re-download the MSERT every day for most updated definitions. The results are logged and stored at SYSTEMROOTdebugmsert.log. Due to the Exchange vulnerability I've been running an updated version of the MSERT scan every evening.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |