As a Microsoft employee hopefully he can give us more info soon.ĮDIT4: Response from Zero03 (Microsoft Employee in this thread):Īs long as the end of the scan shows everything is good, everything is good. Spun up a clean VM, ran MSERT - no "files infected".Ĭopied the Exchange 2019 Cumulative Update 8 ISO file onto the VM, ran MSERT and moments after it started scanning the ISO it marked 2 "files infected"ĮDIT3: Please keep an eye on zero03's replies in the thread. It seems like the latest MSERT is detecting false positives but the more people to confirm, the better.ĮDIT2: Well, confirmed. I've been freaking physically ill from the stress and uncertainty for days now.Īnyone else see this weird behaviour with the latest MSERT?ĮDIT: Anyone running into the same behaviour, please check the comments. I'm running the scan again now to see what happens but I'm just so done with all of this. Literally nothing on the Exchange server has changed except that I've downloaded some baselines from Microsoft's own Git to run the CompareExchangeHashes.ps1 script. The scan completes and it says completed successfully and no viruses found. I also manually check for webshells, both come up clean except for 1 Autodiscover probe on 3-3 I already knew about. Meanwhile I check Test-ProxyLogon to verify there have been no additional probes. So my stomach drops and I wait for the scan to finish so I can see which files are infected. It's always come back clean but now suddenly mid-scan it displays "Files infected: 7".
As in, I re-download the MSERT every day for most updated definitions. Due to the Exchange vulnerability I've been running an updated version of the MSERT scan every evening.
0 kommentar(er)
