JSReport webshell causing CrowdStrike alerts
I'm using JSReport for HTML to PDF and my InfoSec team is getting alerts due to the download and running of JSReport. Is there anything I should be doing that would prevent this?
In my Startup.cs I've started the service as follows:
In my controller I'm using the ChromePdf recipe
Could you please share what URLs/IPs your team collected?
I tried to monitor the network and don't see external requests.
Sorry, I must have misunderstood what was happening. It doesn't appear to be JSReport itself that's causing problems. It appears to be IIS downloading and executing over and over that's being flagged. Is there any way to store the executable on the server and reference that instead of downloading and running the exe?
The executable is compiled into the
There is no download happening during the start. The binary with its parts is only extracted into the user's temp folder during the first start.