weird file in device with TRAPS

Reply
Highlighted
L3 Networker

weird file in device with TRAPS

Hello,

We have devices with TRAPS and we has found files with strange names as !!!!!!!!* and zzzzz*.

I we try to modify or execute we get anti-ransomware alert.

this files are normal? could be a bug? Capture.JPG

 

 


Accepted Solutions
Highlighted
Cyber Elite

@Marivi,

This is not a bug and they are supposed to be present. These files aid in Trap's ability to detect Randsomware, which is why you are getting the alert when you attempt to touch them. 

View solution in original post

Highlighted
L3 Networker

@BPry is correct,

 

these solution make random files that are first and last in directories and any modifidcations to them is considered a ransomware activity, you can hide these files from display  by not showing hidden files in the explorer.

 

~HTH

View solution in original post

Highlighted
Cyber Elite

@Marivi,

PowerShell by default will see hidden files; users by default will not see hidden files. See below

Capture.PNGCapture1.PNG

View solution in original post


All Replies
Highlighted
Cyber Elite

@Marivi,

This is not a bug and they are supposed to be present. These files aid in Trap's ability to detect Randsomware, which is why you are getting the alert when you attempt to touch them. 

View solution in original post

Highlighted
L3 Networker

@BPry is correct,

 

these solution make random files that are first and last in directories and any modifidcations to them is considered a ransomware activity, you can hide these files from display  by not showing hidden files in the explorer.

 

~HTH

View solution in original post

Highlighted
L3 Networker

hello, please could you help me with this doubt? i would like to know if this files should be hidden or is normal that an user with provileges from powershell can see them.

Highlighted
Cyber Elite

@Marivi,

You would be able to see these files from PowerShell if your doing an ls action or something similar. 

L3 Networker

thanks, but them is normal that an user is able to see them o must be hidden?

Highlighted
Cyber Elite

@Marivi,

PowerShell by default will see hidden files; users by default will not see hidden files. See below

Capture.PNGCapture1.PNG

View solution in original post

Highlighted
L0 Member

Hi

 

Working with Docker Desktop the weird files are NOT ok, bad behavior.

If you step into the windows containers with PowerShell you see the weird files, and not at all manageable.

 

https://github.com/docker/for-win/issues/5132

 

Bart

Tags (2)
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!