How can I exclude a false positive for onepkg files if the Hash and Path is different for each user?

Hi Marvin,

Thanks for reaching out. 

Have you tried creating a wildcard exclusion for ".onepkg" files? I suggest checking our documentation on Wildcards to assist with this. 

Something like the entry below may work, but you may want to make the exclusion more specific to your file structure so that additional files are not unintentionally permitted.
- %USERPROFILE%\Downloads\*.onepkg

Hi Marvin,

Thanks for reaching out. 

Have you tried creating a wildcard exclusion for ".onepkg" files? I suggest checking our documentation on Wildcards to assist with this. 

Something like the entry below may work, but you may want to make the exclusion more specific to your file structure so that additional files are not unintentionally permitted.
- %USERPROFILE%\Downloads\*.onepkg

To finally get it to work partially, I didn't specify a file path and just excluded *.onepkg and *.one.backupconsctruction globally regardless of the path.

What is happening now is that these files are still getting removed in Google Drive File Stream paths in Windows, these haven't been excluded because these Google backup files don't have file extensions so it is not recognized in my whitelist/exclusion. Here is an example:

Manual malware cleanup required: 'Mal/OneBad-A' at 'C:\Users\Jerome_Powell\AppData\Local\Google\DriveFS\118151419556526923308\content_cache\d14\d23\35055'

How can I solve this issue?

Hello Marvin,

Thank you for sharing the result. I would like your assistance logging a support case through our support portal and submitting a sample submission to this file for our lab team to remove the FP detection on this file/file type. Once created, share with me the case ID for us to monitor the status.