Hi, I just wanted to reignite this conversation. I am an admin at my institution and we use Jamf Protect for AV. Jamf Protect isn't blocking the plugin like others have experienced on CrowdStrike since we haven't configured it to do this. However, we are receiving multiple email alerts every time someone is running Zotero 6.0.27.

I see you are now using curl to make the HTTP request between the plugin and the Zotero app. It looks like this new method is what is being deemed a risk by various AV products. I will post the information from our alerts here for context as to why it is being seen as a security risk:

Microsoft Office runs a number software child processes on the regular. This analytic looks for some of the ones used frequently in attacks that do not occur regularly under the Office suite implying a malicious Office macro may have been executed.

curl -s -o /dev/null -I -w %' -X GET ' command=addEditCitation&document=/Applications/Microsoft Word.app/&templateVersion

We have stopped updating Zotero to this latest version due to these many alerts we receive multiple times per user on version 6.27. I could create a rule in our AV to exempt these alerts, but this would be for any alerts triggered by the curl command. I would suggest maybe revisiting the changes you have made to the way the plugin works.
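The worry in the post above, that an exemption would cover anything curl does, can be narrowed by matching the shape of the command rather than the binary. The following is an added example, not code from the post, Zotero or Jamf Protect: a triage filter that accepts only a Word-spawned curl whose options match the quoted alert and whose single URL points at a loopback address. The parent process name, the allow-lists and the sample URL's port and path are assumptions.

```python
import ipaddress
import shlex
from urllib.parse import parse_qs, urlsplit

# Assumptions, not taken from Zotero or Jamf Protect: the parent name as the
# agent reports it, and the one command value visible in the quoted alert.
ALLOWED_PARENTS = {"Microsoft Word"}
ALLOWED_COMMANDS = {"addEditCitation"}
BARE_FLAGS = {"-s", "-I"}
VALUE_FLAGS = {"-o": "/dev/null", "-X": "GET", "-w": None}  # None = any value
# Constructed sample event; port and path are placeholders, not Zotero's endpoint.
SAMPLE = ("curl -s -o /dev/null -I -w '%{http_code}' -X GET "
          "'http://127.0.0.1:8080/x?command=addEditCitation'")

def is_loopback(host):
    try:
        return host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name or empty host, not a loopback IP literal

def is_expected_plugin_curl(parent, cmdline):
    """True only for Word -> curl -> loopback URL with an allow-listed command."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return False  # unbalanced quotes
    if parent not in ALLOWED_PARENTS or not argv or argv[0].rsplit("/", 1)[-1] != "curl":
        return False
    urls, args = [], iter(argv[1:])
    for arg in args:
        if arg in VALUE_FLAGS:
            value = next(args, None)
            if value is None or VALUE_FLAGS[arg] not in (None, value):
                return False  # e.g. -o writing to a real file, or -X POST
        elif arg.startswith("-") and arg not in BARE_FLAGS:
            return False  # any other option (upload, proxy, config file) is unexpected
        elif not arg.startswith("-"):
            urls.append(arg)
    if len(urls) != 1:
        return False
    try:
        url = urlsplit(urls[0])
    except ValueError:
        return False  # malformed URL
    if url.scheme != "http" or not is_loopback(url.hostname or ""):
        return False
    commands = parse_qs(url.query).get("command", [])
    return len(commands) == 1 and commands[0] in ALLOWED_COMMANDS
```

Events for which this returns False keep alerting as before, so a macro that launches curl against a remote host, writes output to disk or adds other options is still reported.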