This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(185.6, 73%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBD%3C/text%3E%3C/svg%3E)
I patched and shut down my server before this scan was available. My server is isolated to the internet but I brought it up long enough to run the scan.
The response log is just a bunch of IP addresses.
or
or
Anyone know what to do with this info?
that script checks to see if there are any indications of the exploit. it doesnt mean you have been exploited however.
If you already removed any malware and dealt with the it, then you should be good. Just continue to be vigilant :)
Scan to see if there are any exploits. It not, then you are good.
Exchange On-premises Mitigation Tool
Download and run EOMT.ps1 as an administrator on your Exchange Server to automatically run the latest version of Microsoft Safety Scanner (MSERT). MSERT discovers and remediates web shells, which are backdoors that adversaries use to maintain persistence on your server.
https://github.com/microsoft/CSS-Exchange/tree/main/Security
Sorry - if I just ran that Test-ProxyLogon.ps1 - and got some results that I couldn't understand, what was the purpose of it? I'm not trying to be flip - I honestly don't know what the point of it was.
I'm not trying to patch my server - I've already gotten rid of it. I'm trying to ascertain if anything was really done.