ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

Reply
Highlighted

ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

I have found thousands of files starting with ZZZZZ* and !!!!!* on my HDD. It seams to be related to Traps activity.

I'm unable to delete this files because Traps don't allow for that.

 

I checked my system with few antiviruses and nothing was found.

 

Google sugest that this is related with Traps Bug.

Community Manager

Re: ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

 

hi @Pawel_Kaczanowski

 

I recommend reaching out to support as they will be able to confirm the issue and help resolve it if it is related to an issue with Traps, and probably also help you troubleshoot if it is not related to traps

 

please keep us posted on your situation as it may help other people if they encounter this issue


Help the community: Like helpful comments and mark solutions
Reaper out
L7 Applicator

Re: ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

Yes, this is a Traps issue.  The files you see are dummy/decoy files related to the anti-Ransomware capabilities introduced in Traps v4.1.0.  Under normal conditions, you're not supposed to see these files.  TAC should be able to help you figure out what's not working properly.  

L2 Linker

Re: ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

Hello,

 

I found those files in my computer when I perform on-demand scan with my AV, using CMD I couldn't find them, but using Power Shell that was possible, then I asked to support for that, the answer:

 

"those files are a tramp injected by paloalto traps, that works when is a new ransomware, the ransomware try to encrypt the files and traps catch it and block the ransomware."

 

So I put that concept on the run in effect, traps stop the action. Please look at the picture attached.

traps.PNG

Regards,

wtobar

KS
L2 Linker

Re: ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

Files and folders with ZZZZZ* or !!!!!* may be displayed not only in PowerShell but also in programs that use file/folder dialog boxes.

I am experiencing it with some text editors.

In order not to display it, you need to add a rule to disable Anti-Ransomware Protection for the program in which it appears.

L1 Bithead

Re: ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

It would have been nice, if Palo Alto, had put a notice about this SOMEWHERE, during the Traps installation maybe...

...maybe a nice picture of Admiral Ackbar warning us about these files.

 

I've just lost 2 half days trying to find SOMETHING to clean up this !!!!! and ZZZZZ mess left by my-imagined mystery malware!

 

Only to find out it is a "red-herring" created by Traps!

 

These things are hidden very well, with only System and Guest having special permissions... BUT some applications or file-dialog windows show them... leading one to think something is wrong... when it isn't.

 

The file manager "File Voyager" shows them clear as day.

The file manager "File Locater Lite" shows them in the results of searches.

 

L2 Linker

Re: ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

The information about the files created for the Anti-Ransomware module was shared in the Traps 4.1 documentation under new features. Palo is rapidly adding new features to Traps so I highly advise you review that section of the documentation before you upgrade. If you have the resources for a UA environment where you can keep several handfuls of production machines that will help as well.

 

https://www.paloaltonetworks.com/documentation/41/endpoint/newfeaturesguide/security-features/anti-r...

 

L1 Bithead

Re: ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

That's great, but not all of us front-line administrators get access to...

A.) the administrative features of Traps.

B.) any of the documentation.

 

Some of us front-line administrators merely get told... "Use this.  It has been tested."

We just install it, or uninstall it, or look at the limited interface the client-end-point product has.

 

AND remember all those installations already done... when the chief administrator controlling the Traps server said "okay"... all those installations automatically updated... so us front-line guys don't even know when those are updating.

 

AND it is a COMMON cultural joke, that men DON'T READ the manual first... 

So to expect that behavior, even if you are just saying for legal reasons... 

...that expectation is poorly made.

 

Many pieces of software announce "New features!" during the installation.

Something like this would be good to put there.

A simple graphic showing: 

 

!!!!! and ZZZZ <--- Don't Panic! 

Traps created these!

 

That's all you need to do during the install...

 

L0 Member

Re: ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

on every USB Stick or HDD you plug in, you will get the files on it.

 

That´s not i want to have!!!

 

How can i disable these zzzz !!!! Files on removeble storage devices ?

L0 Member

Re: ZZZZZ* and !!!!!* - thousands of that kind of files on HDD

These files are only virtual and are pretended to be Windows processes by the Traps processes. None of these files and folders are physically located on a disk.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!