Jump to content

False Execution Alert


Lynx
 Share

Recommended Posts

Greetings!

Recently (5 days ago) I’ve posted FP request , which was ignored as several other enquiries

Fine. I can live with that

At the same time, today I created a copy of the said text file (see the link above) & just renamed it changing a typo (Polocies to Policies) & removing <>.txt additional extension.

After simple file renaming I’ve got “OnExecution” Alert (see attached image)

Why?

The file was opened/accessed/the name was changed, but I’ve never used “onAccess” option since it was introduced by EAM and never will.

Sure my response was - “Allow”/& No for creating any rule

What kind of execution was that ?

Any clue? TIA

Link to comment
Share on other sites

Hi Lynx,

The problem is that there is no way to reliably detect the "execution" of file formats that aren't executed by Windows natively but that interpreted or emulated by helper processes instead. That is the reason why any read access to any file with one of the following extensions is treated as an execution attempt:

  • .VBS
  • .REG
  • .WSH
  • .COM
  • .BAT
  • .INI
  • .CMD
  • .VBE
  • .JS
  • .JSE
  • .HTA
  • .WSF
  • .SHS
  • .SHB

Hope that clears things up.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...