Good morning!
Today I had some issues with opening the PRTG user interface and after upgrading both the windows server and PRTG Core server I still had issues. I then checked our firewall logs and see that some of the traffic between my computer and the core server is blocked due to a virus in the file beeing requested.
We are using Palo Alto Networks as our firewall and filter, and this is the system that detected this and is blocking the traffic.
Here are the details from the firewall: Threat Type: virus Threat Name: BADJOKE/JS.RJUMP.s ID: 90859973 (https://threatvault.paloaltonetworks.com/?query=90859973) Category: unknown Content Version: Antivirus-2911-3421 Severity: medium Repeat Count: 1 File Name: prtgmini.css UR: Pcap ID: 0
Of course this could be a error in the antivirus definitions file that where downloaded recently to the firewall, or it could actually be something fishy in the prtgmini.css.
Any suggestions?
Hi there,
Could you upload your "prtgmini.css", located on the Core under "C:\Program Files (x86)\PRTG Network Monitor\webroot\css\", on VirusTotal, just to check if they detect this as well?
https://www.virustotal.com/
What I really wonder about is, why does PaloAlto detect a JavaScript worm in a CSS file? This might be a false-positive on PaloAltos side.
Best regards.
Mar, 2019 - Permalink