This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to exclude \FILE:0000 ?

Every night a task is run by some of the developers here. An alert is generated for:

Virus/spyware 'Mal/FakeAV-CN' has been detected in "C:\Users\T7367~1.COM\AppData\Local\Temp\WAXB42C.tmp\FILE:0000"

I have tried to create a file base exclusion C:\Users\T7367~1.COM\AppData\Local\Temp\WAX?.tmp but this exclusion is failing, I assume, because of the \FILE:0000. When I try to change the file exclusion to a folder exclusion like this C:\Users\T7367~1.COM\AppData\Local\Temp\WAX?.tmp\ or ending with any wildcard like * or ? I receive an error. I also can not exclude FILE:0000 directly.

Is there any way to exclude this?

This thread was automatically locked due to age.

Parents

0 jak over 8 years ago

Are you able to capture the file and send it to SophosLabs. Presumably it's a false positive?

secure2.sophos.com/.../sample-submission.aspx

Regarding the exclusion:

C:\Users\T7367~1.COM\AppData\Local\Temp\WAX?.tmp

you could try:
C:\Users\T7367~1.COM\AppData\Local\Temp\WAX???????????????.tmp

The ? matches a single character. So I've added enough to hopefully cover the files that are generated.

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 jak over 8 years ago

Are you able to capture the file and send it to SophosLabs. Presumably it's a false positive?

secure2.sophos.com/.../sample-submission.aspx

Regarding the exclusion:

C:\Users\T7367~1.COM\AppData\Local\Temp\WAX?.tmp

you could try:
C:\Users\T7367~1.COM\AppData\Local\Temp\WAX???????????????.tmp

The ? matches a single character. So I've added enough to hopefully cover the files that are generated.

Regards,

Jak
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data