False detections on some clients TrojanDownloader:Win32/Kadena.gen!plock

Since Monday we have been receiving a lot of false alerts from System Center Endpoint Protection. Win32/Kadena.gen!plock is detected on some clients in the c:\users\<username>\appdata\local\temp folder; the files are OLK(randomnumber).tmp and are created by Outlook.exe.

Endpoint on the client detects it and cannot clean it because the TMP file is deleted by Outlook. The error in the history is:
Error:0x80508023

items: File:c:\users\< Username>\Appdata\local\temp\OLK3DEF.TMP

May 8th, 2015 9:52am

You can report a false positive at the link below by choosing "I believe this file should not be detected as malware" and providing the necessary details:

https://www.microsoft.com/security/portal/submission/submit.aspx

May 8th, 2015 10:22am

Thanks, but the problem is that the temp file is deleted by Outlook before it is placed in quarantine by Endpoint Protection, so I have no file to submit.

May 8th, 2015 10:33am

You could try disabling Endpoint Protection or creating an exclusion for a test machine so it will not detect the file/behavior, and then reproduce the action in Outlook that causes the .tmp file(s) to be created. I know you said the file is being deleted by Outlook, but perhaps it is actually the interaction between EP and Outlook that is causing the file to be deleted too quickly. Anyway, it's just something to try.

Ultimately, if you are unable to submit a file sample, I suppose you would have to open a support case.

May 8th, 2015 11:21am
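
One way to keep a copy of the short-lived OLK*.tmp file for a false-positive submission, on a test machine set up as the reply above suggests. This is an added example, not part of the original thread; the folder C:\FP-Samples is a hypothetical name, and the script assumes PowerShell 3.0 or later and that Outlook opens the file with sharing that permits reading.

```powershell
# Added example (not from the thread). Run in the test user's session on an
# isolated test machine where Endpoint Protection is disabled or excludes
# both folders below; otherwise the copy itself will be detected.
$source = $env:TEMP            # Outlook writes OLK<random>.tmp here
$dest   = 'C:\FP-Samples'      # hypothetical holding folder for the sample
New-Item -ItemType Directory -Path $dest -Force | Out-Null

$watcher = New-Object System.IO.FileSystemWatcher $source, 'OLK*.tmp'
$watcher.IncludeSubdirectories = $false
$watcher.NotifyFilter = [System.IO.NotifyFilters]'FileName, LastWrite, Size'

# Best-effort copy: runs on every create/change so the last copy taken
# before Outlook deletes the file is the most complete one.
$action = {
    $path   = $Event.SourceEventArgs.FullPath
    $target = Join-Path $Event.MessageData (Split-Path $path -Leaf)
    for ($i = 0; $i -lt 20; $i++) {
        try {
            # Share ReadWrite+Delete so Outlook's own handle is not blocked.
            $in = [System.IO.File]::Open($path,
                [System.IO.FileMode]::Open,
                [System.IO.FileAccess]::Read,
                [System.IO.FileShare]'ReadWrite, Delete')
            try {
                $out = [System.IO.File]::Create($target)
                try { $in.CopyTo($out) } finally { $out.Dispose() }
            } finally { $in.Dispose() }
            break
        } catch {
            # Stop if the file is already gone, else retry after a short wait.
            if (-not (Test-Path -LiteralPath $path)) { break }
            Start-Sleep -Milliseconds 50
        }
    }
}

$subs = foreach ($name in 'Created', 'Changed') {
    Register-ObjectEvent -InputObject $watcher -EventName $name `
        -Action $action -MessageData $dest
}
$watcher.EnableRaisingEvents = $true

# Keep the session alive while reproducing the action in Outlook; Ctrl+C to stop.
try { while ($true) { Wait-Event -Timeout 1 | Out-Null } }
finally {
    $watcher.EnableRaisingEvents = $false
    $subs | ForEach-Object { Unregister-Event -SubscriptionId $_.Id }
    $watcher.Dispose()
}
```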

This topic is archived. No further replies will be accepted.
