JSReport webshell causing CrowdStrike alerts



  • I'm using JSReport for HTML to PDF and my InfoSec team is getting alerts due to the download and running of JSReport, is there anything I should be doing that would prevent this?

    In my Startup.cs I've started the service as follows:

    services.AddJsReport(new LocalReporting().UseBinary(JsReportBinary.GetBinary()).KillRunningJsReportProcesses().AsUtility().Create());

    In my controller I'm using the ChromePdf recipe

    HttpContext.JsReportFeature().Recipe(Recipe.ChromePdf)



  • Could you please share what urls/ips does your team collected?
    I tried to monitor the network and don't see external requests.



  • Sorry, I must have misunderstood what was happening. It doesnt appear to be JSReport itself thats causing problems. It appears to be IIS downloading and executing over and over that's being flagged. Is there any way to store the executable on the server and reference that instead of downloading and running the exe?



  • The executable is compiled into the jsreport.Binary.dll manifest.
    There is no download happening during the start. The binary with its parts is only extracted into the user's temp folder during the first start.


Log in to reply
 

Looks like your connection to jsreport forum was lost, please wait while we try to reconnect.