Ian Brown
2017-07-03 03:14:47 UTC
It looks like the rootkit detector is going nuts over alternative data
streams that Windows is creating by default. See:
https://superuser.com/questions/1199464/alternate-data-stream-win32app-1-attached-to-a-large-number-of-folders
Apparently in Windows 10 the "Storage Service" is creating these streams.
Is it possible to modify the rootkit detector to ignore alternative data
streams named "Win32App_1" that have no data?
--
---
You received this message because you are subscribed to the Google Groups "ossec-list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+***@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.