Jump to content
Welcome to our new Citrix community!

Download of configuration backup being detected as Virus


Recommended Posts

On 11/7/2023 at 10:28 PM, Britt Adams1709156619 said:

Seems kind of odd being the VPX was setup from scratch a year ago with the most recent 13.0 appliance version at that time.

So was it updated since then? There have been four major security vulnerabilities within the last months and if you recently backed up your NetScaler without having these CVEs mitigated, there is a high possibility that you have been compromised on that appliance.

The mentioned .php Files from Defender Screenshot are looking odd aswell. Manipulated php-files have been used to steal credentials after compromising an appliance. You maybe want to look into these mentioned php-files and search for some odd code.

Link to comment
Share on other sites

1 hour ago, Jens Ostkamp said:

Yes we have been very diligent on updating and have updated the appliance  as quickly as possible when the releases have come out. The file look like Campaign #3 from https://www.shadowserver.org/news/technical-summary-of-observed-citrix-cve-2023-3519-incidents/ Which was July of this year. File dates were in August. Ultimately Citrix support said they do not care, not their problem. I am building a new VPX for now and looking for a replacement of the entire Citrix platform. 

 

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...