- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
ZZZZZ* and !!!!!* - thousands of that kind of files on HDD
- LIVEcommunity
- Collaboration
- Discussions
- Endpoint (Traps) Discussions
- ZZZZZ* and !!!!!* - thousands of that kind of files on HDD
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
ZZZZZ* and !!!!!* - thousands of that kind of files on HDD
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-11-2017 04:18 AM
I have found thousands of files starting with ZZZZZ* and !!!!!* on my HDD. It seams to be related to Traps activity.
I'm unable to delete this files because Traps don't allow for that.
I checked my system with few antiviruses and nothing was found.
Google sugest that this is related with Traps Bug.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-11-2017 04:27 AM
I recommend reaching out to support as they will be able to confirm the issue and help resolve it if it is related to an issue with Traps, and probably also help you troubleshoot if it is not related to traps
please keep us posted on your situation as it may help other people if they encounter this issue
PANgurus
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-11-2017 06:27 AM
Yes, this is a Traps issue. The files you see are dummy/decoy files related to the anti-Ransomware capabilities introduced in Traps v4.1.0. Under normal conditions, you're not supposed to see these files. TAC should be able to help you figure out what's not working properly.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-11-2017 11:10 AM
Hello,
I found those files in my computer when I perform on-demand scan with my AV, using CMD I couldn't find them, but using Power Shell that was possible, then I asked to support for that, the answer:
"those files are a tramp injected by paloalto traps, that works when is a new ransomware, the ransomware try to encrypt the files and traps catch it and block the ransomware."
So I put that concept on the run in effect, traps stop the action. Please look at the picture attached.
Regards,
wtobar
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-11-2017 04:42 PM
Files and folders with ZZZZZ* or !!!!!* may be displayed not only in PowerShell but also in programs that use file/folder dialog boxes.
I am experiencing it with some text editors.
In order not to display it, you need to add a rule to disable Anti-Ransomware Protection for the program in which it appears.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-15-2017 01:46 PM
It would have been nice, if Palo Alto, had put a notice about this SOMEWHERE, during the Traps installation maybe...
...maybe a nice picture of Admiral Ackbar warning us about these files.
I've just lost 2 half days trying to find SOMETHING to clean up this !!!!! and ZZZZZ mess left by my-imagined mystery malware!
Only to find out it is a "red-herring" created by Traps!
These things are hidden very well, with only System and Guest having special permissions... BUT some applications or file-dialog windows show them... leading one to think something is wrong... when it isn't.
The file manager "File Voyager" shows them clear as day.
The file manager "File Locater Lite" shows them in the results of searches.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-20-2017 05:55 AM
The information about the files created for the Anti-Ransomware module was shared in the Traps 4.1 documentation under new features. Palo is rapidly adding new features to Traps so I highly advise you review that section of the documentation before you upgrade. If you have the resources for a UA environment where you can keep several handfuls of production machines that will help as well.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-20-2017 07:26 AM
That's great, but not all of us front-line administrators get access to...
A.) the administrative features of Traps.
B.) any of the documentation.
Some of us front-line administrators merely get told... "Use this. It has been tested."
We just install it, or uninstall it, or look at the limited interface the client-end-point product has.
AND remember all those installations already done... when the chief administrator controlling the Traps server said "okay"... all those installations automatically updated... so us front-line guys don't even know when those are updating.
AND it is a COMMON cultural joke, that men DON'T READ the manual first...
So to expect that behavior, even if you are just saying for legal reasons...
...that expectation is poorly made.
Many pieces of software announce "New features!" during the installation.
Something like this would be good to put there.
A simple graphic showing:
!!!!! and ZZZZ <--- Don't Panic!
Traps created these!
That's all you need to do during the install...
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-21-2017 04:34 AM
on every USB Stick or HDD you plug in, you will get the files on it.
That´s not i want to have!!!
How can i disable these zzzz !!!! Files on removeble storage devices ?
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
12-21-2017 07:52 AM
These files are only virtual and are pretended to be Windows processes by the Traps processes. None of these files and folders are physically located on a disk.
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
