Jump to content
thewild

False positive on vbs script

Recommended Posts

Hi,

I have a vbs script that is detected by KES 10 as a malicious script (it is not, because I've coded it myself, it does exactly what is intended).

How prevent it from being detected ? I don't want to exclude the folder because the script can be accessed in different ways (unc path, local folder, mapped drive...). I also don't think that using the file name is a good idea because I will write similar scripts with different names.

Any idea ?

 

BTW, the problem is probably that I am using Microsoft.XMLHTTP to download a file from an URL, but that's typically what my admin scripts do...

Share this post


Link to post

It seems that using MSXML2.XMLHTTP.6.0 instead of Microsoft.XMLHTTP (which is deprecated anyway) works.

Using MSXML2.XMLHTTP (generic call which falls back to MSXML2.XMLHTTP.3.0) does not work though.

Share this post


Link to post

No, using MSXML2.XMLHTTP.6.0  instead of Microsoft.XMLHTTP fixes the issue.

Not sure weather this makes any sense though. The latter library is deprecated, but both have the same functionnalities.

Share this post


Link to post

×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.