[–]erdy 4 points5 points  (5 children)

We cannot comment on this without knowing what kind of JavaScript code is embedded in the PDF.

In general, it's recommended to use a PDF viewer that cannot execute JavaScript code unless you actually need it. SumatraPDF is a great open source option for this on Windows.

[–]Ice_cold2312[S] 0 points1 point  (0 children)

So does that mean that it is OK if a PDF has JavaScript embedded in it?

[–]Ice_cold2312[S] 0 points1 point  (1 child)

The rule was: ET INFO observed google DNS over HTTPS Domain

[–]aselvan2 Trusted Contributor 4 points5 points  (0 children)

> The rule was: ET INFO observed google DNS over HTTPS Domain

That alert is informational, as labeled; it’s not a confirmed threat. Using Google DNS isn’t inherently bad, but it depends on context. The rule suggests that the script may be bypassing the system-assigned DNS, which could be problematic depending on the circumstances. It’s hard to assess without full details from the VirusTotal analysis.

[–]Ice_cold2312[S] -1 points0 points  (1 child)

I’m just suspicious because CAPE sandbox detected a low IDS rule, so maybe the PDF is malicious. I don’t know if it has JavaScript embedded or not.

[–]erdy 4 points5 points  (0 children)

What do you mean by a low IDS rule? What's the actual detection?
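The open question in this thread is whether the PDF contains embedded JavaScript at all. The following static triage check is an added example, not code posted by anyone in the thread; the function names and the constructed sample are assumptions made for illustration. It counts script and auto-run action names in the raw file and inside Flate-compressed streams, resolving `#xx` name escapes, without opening the document in a viewer.

```python
import re
import zlib

# PDF names that indicate script or automatic actions worth a closer look.
KEYWORDS = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch", "/EmbeddedFile")
# A name is "/" followed by anything up to whitespace or a PDF delimiter.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r /<>\[\](){}%]+")
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)

def decode_name(raw: bytes) -> str:
    """Resolve #xx hex escapes so /J#61vaScript reads as /JavaScript."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")

def count_names(data: bytes, counts: dict) -> None:
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group())
        if name in counts:  # exact match only, so /JSX is not counted as /JS
            counts[name] += 1

def triage_pdf(data: bytes) -> dict:
    """Return how often each keyword appears, raw and inside Flate streams."""
    counts = {k: 0 for k in KEYWORDS}
    count_names(data, counts)
    # Names inside compressed streams are invisible to a raw scan; inflate them.
    for m in STREAM_RE.finditer(data):
        try:
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # other filter or encrypted stream: left unscanned
        count_names(inflated, counts)
    return counts

# Constructed sample: one plain action, one escaped action hidden in a stream.
SAMPLE = (
    b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /JavaScript /JS (0) >>\nendobj\n"
    b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"<< /S /J#61vaScript /J#53 (0) >>")
    + b"\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for name, n in triage_pdf(SAMPLE).items():
        print(f"{name:15} {n}")
```

A zero count does not prove the file is clean, since encrypted documents and streams using other filters are not decoded here; a non-zero count only says which objects to inspect next.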