@Former Member @AjaySundar
I got an user with the below error. I wanted to know on what scenario the issue occurs.
Solved! Go to Solution.
Hi @vnaidu,
This event indicates that a file with two extensions (such as readme.txt. exe) was run. This poses a security risk, because such files are often viruses or Trojan horses.
For example, a file might be named "Readme.txt. exe," with the second extension not visible in Windows Explorer because of spaces separating the first and second extension. In this example, a user might think that such a document was a text file and double-click it, thus unintentionally launching the Trojan horse application.
To execute legal programs that contain multiple extensions (such as a known file named good_program-1.txt.exe), either rename the file to avoid multiple dots in the file name (for example, good_program-1_txt.exe), or create an exception for this security event so that your trusted file is exempt from triggering this signature.
I hope this helps.
Regards,
AJ
Good day to you!
The target file here has double extensions .com and .exe hence the EP rule got triggered.
Regards,
AJ
Can you help me with more precise information, as to how McAfee decides on what logic this triggers, I need a detailed explanation.
Thanks a ton in advance.
Hi @vnaidu,
This event indicates that a file with two extensions (such as readme.txt. exe) was run. This poses a security risk, because such files are often viruses or Trojan horses.
For example, a file might be named "Readme.txt. exe," with the second extension not visible in Windows Explorer because of spaces separating the first and second extension. In this example, a user might think that such a document was a text file and double-click it, thus unintentionally launching the Trojan horse application.
To execute legal programs that contain multiple extensions (such as a known file named good_program-1.txt.exe), either rename the file to avoid multiple dots in the file name (for example, good_program-1_txt.exe), or create an exception for this security event so that your trusted file is exempt from triggering this signature.
I hope this helps.
Regards,
AJ
Thank you for the explanation, that is what I was expecting to be in my situation.
Thanks again Ajay,
Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA