Some Quarantined Files Do Not Appear in GUI Quarantine List + Occasional Duplicate Forensic Log Line Items


hjlbx

EAM *.7838

Windows 10 Pro 1703 OS Build 15063.540 x64

1. Extract malware pack

2. Files are detected by File Guard real-time protection

3. Detected files are auto-quarantined and added to the Quarantine folder with .EIQF extension

4. Not all detected and auto-quarantined files appear in the GUI Quarantine list

5. Also some event logging quirks appeared in the Forensic Log during the process of detection and auto-quarantine

There are occasional duplicate entries.  The Component\Action sequences are OK.

In the image below, take note of duplicate, identical line items for:

  • xls.xls (there is a duplicate "infection quarantined")
  • JbhbUsFs.exe (there is a double behavior blocker detection and Core notification)

Minor GUI stuff; the applicable protections themselves are working.

Cap5.PNG

11-8-17_6.7z

This topic is now closed to further replies.