Disabling Microsoft Security Essentials for Metasploit

Disable Microsoft Security Essentials before installing Metasploit, or you will be repairing or re-installing immediately.

If you are installing Metasploit then you know it is not a virus and it is not spyware, but naturally it is capable of acting like them should you choose to employ it as such. Therefore Microsoft Security Essentials does not like it. Here is what you need to do prior to (re)installation.

Disable real-time protection here on the Settings tab:

Disable Microsoft Security Essentials

Scheduled scans can still burn you if they kick off, so add an exception under Excluded files and locations:

Excluding Metasploit from Microsoft Security Essentials Scans

If you have discovered this after the fact, you can restore the files quarantined by Microsoft Security Essentials from the History tab. Be careful to check that each file you are restoring is actually part of Metasploit and not some other random bad thing. You can see that in the details panel; example below:

Restoring Metasploit Files from Microsoft Security Essentials Quarantine

Simply check the boxes and click Restore. Some of the commonly misdiagnosed and quarantined files are:

scadapro_cmdexe.rb – TrojanDownloader:HTML/Adodb.gen!A
download_exec_vbs.rb – TrojanDownloader:HTML/Adodb.gen!A
apple_quicktime_texml_font_table.rb – Exploit:JS/ShellCode.AT
ie_createobject.rb – TrojanDownloader:JS/Psyme.AG
cisco_playerpt_setsource.rb – Exploit:JS/ShellCode.AT
ie_cbutton_uaf.rb – Exploit:JS/HeapAli
ie_cgenericelement_uaf.rb – Exploit:Win32/CVE-2013-1347.B
ie_execcommand_uaf.rb – Exploit:Win32/CVE-2012-4969.E
ms09_043_owc_msdso.rb – Exploit:JS/MS09002.C
ms11_050_mshtml_cobjectelement.rb – Exploit:JS/ShellCode.AT
ms13_009_ie_slayoutrun_uaf.rb – Exploit:Win32/CVE-2013-0025
msxml_get_definition_code_exec.rb – Exploit:Win32/CVE-2012-1889.AH
ntr_activex_check_bof.rb – Exploit:JS/ShellCode.AT
ntr_activex_stopmodule.rb – Exploit:JS/ShellCode.AT
real_arcade_installerdlg.rb – TrojanDownloader:HTML/Adodb.gen!A
zenworks_helplauncher_exec.rb – TrojanDownloader:HTML/Adodb.gen!A
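
The "is this file actually part of Metasploit" check can be made mechanical before anything is restored. The Python sketch below is an added example, not part of the original post: the install folder `C:\metasploit`, the sample History entries and the function names are assumptions, and only the file/detection pairs are taken from the list above.

```python
import ntpath

# Assumption: Metasploit lives in the folder that was excluded from scans.
INSTALL_ROOT = r"C:\metasploit"

# A few file/detection pairs taken from the list in this post.
KNOWN_DETECTIONS = {
    "ie_createobject.rb": "TrojanDownloader:JS/Psyme.AG",
    "ie_execcommand_uaf.rb": "Exploit:Win32/CVE-2012-4969.E",
    "download_exec_vbs.rb": "TrojanDownloader:HTML/Adodb.gen!A",
}

# Constructed History entries (path, detection name) copied from the details panel.
SAMPLE_HISTORY = [
    (r"C:\metasploit\modules\ie_createobject.rb", "TrojanDownloader:JS/Psyme.AG"),
    (r"c:/METASPLOIT/modules/ie_execcommand_uaf.rb", "Exploit:Win32/CVE-2012-4969.E"),
    (r"C:\metasploit\modules\unlisted_module.rb", "Exploit:JS/ShellCode.AT"),
    (r"C:\metasploit\..\Users\bob\Downloads\ie_createobject.rb", "TrojanDownloader:JS/Psyme.AG"),
    (r"C:\metasploit-old\setup.exe", "TrojanDownloader:HTML/Adodb.gen!A"),
]


def is_under_root(path, root=INSTALL_ROOT):
    """True only if the normalised path lies inside root (case-insensitive)."""
    norm = ntpath.normcase(ntpath.normpath(path))
    base = ntpath.normcase(ntpath.normpath(root))
    # The trailing separator stops C:\metasploit-old from matching C:\metasploit.
    return norm.startswith(base + "\\")


def triage(path, detection):
    """Return 'restore', 'review' or 'leave' for one quarantine entry."""
    if not is_under_root(path):
        return "leave"      # outside the Metasploit folder: do not restore
    name = ntpath.basename(ntpath.normcase(path))
    if KNOWN_DETECTIONS.get(name) == detection:
        return "restore"    # listed file with the detection name listed for it
    return "review"         # inside the folder but not a recognised pair


def triage_all(entries):
    """Triage every (path, detection) pair, keeping the input order."""
    return [(path, triage(path, det)) for path, det in entries]


if __name__ == "__main__":
    for path, verdict in triage_all(SAMPLE_HISTORY):
        print(f"{verdict:8} {path}")
```

A matching name and path only narrows the list; anything marked `review` or `leave` stays in quarantine until it has been looked at by hand.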