hjlbx

CLOSED Some Quarantined Files Do Not Appear in GUI Quarantine List + Occasional Duplicate Forensic Log Line Items


EAM *.7838

Windows 10 Pro 1703 OS Build 15063.540 x64

1. Extract malware pack

2. Files are detected by File Guard real-time protection

3. Detected files are auto-quarantined and added to the Quarantine folder with .EIQF extension

4. Not all detected and auto-quarantined files appear in the GUI Quarantine list

5. Also some event logging quirks appeared in the Forensic Log during the process of detection and auto-quarantine

There are occasional duplicate entries.  The Component\Action sequences are OK.

In the image below, take note of duplicate, identical line items for:

  • xls.xls (there is a duplicate "infection quarantined")
  • JbhbUsFs.exe (there is a double behavior blocker detection and Core notification)

Minor GUI stuff; the applicable protections themselves are working.

Cap5.PNG

11-8-17_6.7z

This topic is now closed to further replies.
