How can I exclude a false positive for onepkg files if the Hash and Path are different for each user?

Apr 17, 2023 8:19 PM
Manual malware cleanup required: 'Mal/OneBad-A' at 'C:\Users\greg_peterson\Downloads\Augustin MaryAnne 302642.onepkg'

How can I effectively exclude onepkg false positives across my organization when the path and hash are different for each user? From what I can see, those are the only options for exclusions.

Added TAGs
[edited by: Gladys at 3:09 AM (GMT -7) on 20 Apr 2023]
  • To finally get it to work partially, I didn't specify a file path and just excluded *.onepkg and *.one.backupconsctruction globally regardless of the path.

    What is happening now is that these files are still getting removed in Google Drive File Stream paths in Windows. These haven't been excluded because these Google backup files don't have file extensions, so they are not recognized in my whitelist/exclusion. Here is an example:

    Manual malware cleanup required: 'Mal/OneBad-A' at 'C:\Users\Jerome_Powell\AppData\Local\Google\DriveFS\118151419556526923308\content_cache\d14\d23\35055'

    How can I solve this issue?

  • Hello Marvin,

    Thank you for sharing the result. I would like your assistance logging a support case through our support portal and submitting a sample submission for this file for our lab team to remove the FP detection on this file/file type. Once created, share the case ID with me for us to monitor the status.

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer
