WPAD Malicious Link

[Natanael]

We are using KES 11.4 with KSC 12, and have some issue regarding event malicious link wpad domain which occured on our endpoint device user

 

Event type:     Dangerous link blocked
Application:     Host Process for Windows Services
Application\Name:     svchost.exe
Application\Path:     C:\Windows\System32\
Application\Process ID:     2444
User:     (Active user)
Component:     Web Threat Protection
Result\Description:     Blocked
Result\Type:     Malicious link
Result\Name:     http://wpad.domain.name/wpad.dat
Result\Threat level:     High
Result\Precision:     Exactly
Object:     http://wpad.domain.name/wpad.dat
Object\Type:     Web page
Object\Path:     http://wpad.domain.name/wpad.dat
Object\Name:     wpad.dat
Reason:     Automatic analysis
Database release date:     10/2/2021 8:29:00 AM
 

is there any solution beside ask the provide to change their router since it’s not our “area” to ask replacement hardware when the user using it from their home.

[Flood and Flood's wife]

Hello @Natanael, 

Welcome!

@Danila T. has posted a tutorial: What to do if Kaspersky detects wpad.

If that’s not a satisfactory solution, please contact Kaspersky support, via your company account. 

Also, (for home users), please read: Malicious object detected: wpad.dat, wpad.domain.name, Trojan.Script.Agent.dc, @ARGI has offered a solution, that appears to work for some home users. 

Thank you🙏

Flood🐳 +🐋