Lynx

False Execution Alert

Recommended Posts

Greetings!

Recently (5 days ago) I’ve posted FP request , which was ignored as several other enquiries

Fine. I can live with that

At the same time, today I created a copy of the said text file (see the link above) & just renamed it changing a typo (Polocies to Policies) & removing <>.txt additional extension.

After simple file renaming I’ve got “OnExecution” Alert (see attached image)

Why?

The file was opened/accessed/the name was changed, but I’ve never used “onAccess” option since it was introduced by EAM and never will.

Sure my response was - “Allow”/& No for creating any rule

What kind of execution was that ?

Any clue? TIA

Share this post


Link to post
Share on other sites

Hi Lynx,

The problem is that there is no way to reliably detect the "execution" of file formats that aren't executed by Windows natively but that interpreted or emulated by helper processes instead. That is the reason why any read access to any file with one of the following extensions is treated as an execution attempt:

  • .VBS
  • .REG
  • .WSH
  • .COM
  • .BAT
  • .INI
  • .CMD
  • .VBE
  • .JS
  • .JSE
  • .HTA
  • .WSF
  • .SHS
  • .SHB

Hope that clears things up.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.