Virus/spyware 'Troj/Badsrc-M

Hello Kris Mortensen,

you might occasionally encounter this and a few other (false positive) detections with shadow copies of the pagefile or "database" (e.g. *.edb) files. These can safely be ignored acknowledged. From the console select the affected endpoints, right-click, Resolve alerts and errors ... → select and Acknowledge. Or from the local GUI's Quarantine manager select and Clear from list.

Christian

Hello Kris Mortensen,

you might occasionally encounter this and a few other (false positive) detections with shadow copies of the pagefile or "database" (e.g. *.edb) files. These can safely be ignored acknowledged. From the console select the affected endpoints, right-click, Resolve alerts and errors ... → select and Acknowledge. Or from the local GUI's Quarantine manager select and Clear from list.

Christian

Thanks for getting back with me! I am hoping for something besides a manual acknowledge; I would be spending a lot more time in the console than I really want to at that point. I see your point about not ignoring them, but at this point they are all false positives and because of that I need to ignore them. Is there a better way to tune the false positives out?

Hello ,

not really. Do you have that many alerts? I have some 5000 endpoints and I had not more than a handful of these alerts in the last year. Guess it'd be safe to add an exclusion for the shadow copy (like \\.\GLOBALROOT\Device\HarddiskVolumeShadowCopy*\pagefile.sys), can't say if it'd help.

Christian

Hi Kris

Did you ever find a solution to this? I also have this problem