VSE 8.8 - Deletes Legitimate Folder Contents on Zip Detection - Ransom-FAXG!59B6B3A45AFD
I have a bit of an issue....Not sure if it’s a setting or just an odd ball...
I had an admin user save a zip file while his AV was disabled or the MacAfee dat was not up to date, as i believe this to be a "newer" detection from my brief research. This zip file was located in a legitimate subfolder that contained other legitimate files. Mainly a bunch of Excel Documents, MDB's, & Plain text files and other subdirectories, these files are not the files in the zip, these are separate files. When the zip file is detected, it is deleted & quarantined; it also deletes all files and folders in the same folder structure. I can restore the quarantine, and it restores the zip file and the other documents. However once the zip file is detected, it deletes all files in the folder in which it lives. If i disable MacAfee on access scanner, do a restore from quarantine, copy the good files out to another location, and re-enable the scanner, the new folder which contains the documents with no zip is good, and the one with the zip file then deletes the Folder structure.
Also, I have downloaded the EICAR_Test Files and tried to recreate with these, could not get the same actions to happen....
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.