Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

How to use the Juniper Malware Removal Tool

SUMMARY You can use the Juniper Malware Removal Tool (JMRT) to scan for and remove malware running on Juniper Networks devices. You can run two types of scans— quick scan and integrity check. You can also run test scans that check for fake malware. Use Feature Explorer to confirm platform and release support for specific features.

Run a Quick Scan

You can use JMRT to run a quick scan to check for and remove malware on your system.
  • To run a scan on all the processes currently running on the system, use the request system malware-scan quick-scan command.
    JMRT identifies processes and files containing malware and deletes them. Ideally, your device is free of malicious files and processes, and JMRT does not identify any process as potential malware, as seen in the following example:
    If JMRT identifies a file or process as potential malware, it displays the process ID and location of the malware and then deletes it.
    For example:
  • To scan specific processes, use the pids option with quick-scan to specify the processes that need to be scanned.
    This method is faster than a general scan because JMRT does not scan every single process that is running on the system.
    In the following example, JMRT scans only processes with process IDs (PIDs) 42 and 97.
  • Use the clean-action option to indicate the action to take if malware is identified.
    The default is clean, which removes malicious files and processes. The warn action informs the user about malware but does not remove it.
    In this example, JMRT scans process 26329 and notifies the user if it is malware but does not delete the process.
    In this example, JMRT scans process 26315 and deletes it if it is malware.

Run an Integrity Check

You can use JMRT to check whether integrity mechanisms are enabled and working properly.
Run the request system malware-scan integrity-check command.
For example:
Note:

From Junos OS Release 19.2 through Release 21.3, integrity-check was called veriexec-check. We changed the command name in Junos OS Release 21.4 to reflect that different integrity mechanisms might be used on different platforms (for instance, Junos OS uses Veriexec, whereas Junos OS Evolved uses Integrity Measurement Architecture, or IMA).

Run a Test Scan

Using JMRT, you can run fake malware processes on the system and use them for testing purposes. These processes are not actually malicious, but you can use them to observe how JMRT behaves when it identifies malware.

The test commands are available by default in Junos OS Evolved. To use these commands in Junos OS, you must install the optional jmrt-test package.

Note:

Use the following commands to install the jmrt-test package:

  • For Junos OS Release 20.1R1 or later:
    request system software add optional://jmrt-test

  • For Junos OS releases before Release 20.1R1 (with 64-bit Routing Engine):
    request system software add optional://jmrt-test-x86-64.tgz

  • For Junos OS releases before Release 20.1R1 (with 32-bit Routing Engine):
    request system software add optional://jmrt-test-x86-32.tgz

  1. (Optional) Use JMRT to create a fake malware process.
  2. (Optional) View a list of the process IDs of all the fake malware that are currently running on the system.
  3. Run a test scan for fake malware by using the test option with the quick-scan statement.
    The following example runs a test scan on processes 25855 and 25857, which are fake malware processes that were created earlier.
    Note:

    You must use the test option because normal scans do not check for fake malware.