Is this an issue? Windows Defender flagging InsightVM tmp files

ychin · March 8, 2023, 7:38am

Hi,

After running a scan from my Security Console I am getting Windows Defender flagging me of dangerous files. Is this normal?

Exploit:Python/CVE-2021-38647!rfn

Alert level: Severe
Status: Active
Date: 3/8/2023 3:32 AM
Category: Exploit
Details: This program is dangerous and exploits the computer on which it is run.

Affected items:
file: C:\Program Files\rapid7\nexpose\updates\packages\2073900907.jar2108747687096745859tmp

john_hartman · March 8, 2023, 3:59pm

Yes this is expected when windows defender is turned on. We recommend whitelisting the Rapid7 directory from Windows Defender. InsightVM is designed to test your systems so we have several files within that directory that endpoint protection tools would deem as malicious which (if it were on any computer other than the security console or scan engines) would and should be treated as malicious.