5 Replies Latest reply on Feb 17, 2014 4:06 AM by david(k)

    Access Protection Rule - Adobe Z@R .tmp PDF File Internet Explorer

    pwolfe

      Has anyone ever came up with a good work around for the alert dealing with Adobe 9 Z@ xxx .tmp files being created when opening / printing a PDF within IE?

       

      This creates a significant amount of alerts / events, and I would prefer not to exclude Iexplore.exe from the rule - Common Standard Protection:Prevent common programs from running files from the Temp folder

       

      ** also I have not tested this with Adobe X (10) - Does anybody know if this is still the case?

       

       

       

      Threat Source Process Name:C:\Program Files\Internet Explorer\IEXPLORE.EXE
      Threat Source URL:
      Threat Target Host Name:XXXXXX
      Threat Target IPv4 Address:XXXXXX
      Threat Target IP Address:XXXXXX
      Threat Target MAC Address:
      Threat Target User Name:XXXXXX
      Threat Target Port Number:
      Threat Target Network Protocol:
      Threat Target Process Name:
      Threat Target File Path:C:\Documents and Settings\XXXXXX\Local Settings\Temp\Z@R95.tmp
      Event Category:'File' class or access
      Event ID:1092
      Threat Severity:Notice
      Threat Name:Common Standard Protection:Prevent common programs from running files from the Temp folder
      Threat Type:access protection
      Action Taken:deny execute
      Threat Handled:true
      Analyzer Detection Method:OAS

       

       

      Patrick