weird file in device with TRAPS

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

weird file in device with TRAPS

L2 Linker

Hello,

We have devices with TRAPS and we has found files with strange names as !!!!!!!!* and zzzzz*.

I we try to modify or execute we get anti-ransomware alert.

this files are normal? could be a bug? Capture.JPG

 

 

3 accepted solutions

Accepted Solutions

Cyber Elite
Cyber Elite

@Marivi,

This is not a bug and they are supposed to be present. These files aid in Trap's ability to detect Randsomware, which is why you are getting the alert when you attempt to touch them. 

View solution in original post

L3 Networker

@BPry is correct,

 

these solution make random files that are first and last in directories and any modifidcations to them is considered a ransomware activity, you can hide these files from display  by not showing hidden files in the explorer.

 

~HTH

View solution in original post

@Marivi,

PowerShell by default will see hidden files; users by default will not see hidden files. See below

Capture.PNGCapture1.PNG

View solution in original post

7 REPLIES 7

Cyber Elite
Cyber Elite

@Marivi,

This is not a bug and they are supposed to be present. These files aid in Trap's ability to detect Randsomware, which is why you are getting the alert when you attempt to touch them. 

L3 Networker

@BPry is correct,

 

these solution make random files that are first and last in directories and any modifidcations to them is considered a ransomware activity, you can hide these files from display  by not showing hidden files in the explorer.

 

~HTH

L2 Linker

hello, please could you help me with this doubt? i would like to know if this files should be hidden or is normal that an user with provileges from powershell can see them.

@Marivi,

You would be able to see these files from PowerShell if your doing an ls action or something similar. 

thanks, but them is normal that an user is able to see them o must be hidden?

@Marivi,

PowerShell by default will see hidden files; users by default will not see hidden files. See below

Capture.PNGCapture1.PNG

Hi

 

Working with Docker Desktop the weird files are NOT ok, bad behavior.

If you step into the windows containers with PowerShell you see the weird files, and not at all manageable.

 

https://github.com/docker/for-win/issues/5132

 

Bart

  • 3 accepted solutions
  • 8778 Views
  • 7 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!