Hi,
After running a scan from my Security Console I am getting Windows Defender flagging me of dangerous files. Is this normal?
Exploit:Python/CVE-2021-38647!rfn
Alert level: Severe
Status: Active
Date: 3/8/2023 3:32 AM
Category: Exploit
Details: This program is dangerous and exploits the computer on which it is run.
Affected items:
file: C:\Program Files\rapid7\nexpose\updates\packages\2073900907.jar2108747687096745859tmp
Yes this is expected when windows defender is turned on. We recommend whitelisting the Rapid7 directory from Windows Defender. InsightVM is designed to test your systems so we have several files within that directory that endpoint protection tools would deem as malicious which (if it were on any computer other than the security console or scan engines) would and should be treated as malicious.
@john_hartman aren’t those tmp files treated as executables in some instances? Actually, I know they are. First time I have ever heard such honestly.