TP149 - is Recent events working correctly?

Lord_Ami

So in VM I tend to test protection capabilities. Now, I have password protected archive with malware inside and as soon as I extract it, FS deleted 3 files right away.

Original archive contents: http://snag.gy/EsL6U.jpg

 

It leaves 4 files as shown here:

http://snag.gy/0nKij.jpg

 

Now, the Recent events shows only 1 file detected

http://snag.gy/JA6qn.jpg

 

After running remaining files, they are blocked and it's visible from the UI

http://snag.gy/u9xlP.jpg

 

 

Am I doing something wrong? Where are 2 files that were supposed to be blocked (but not shown in log)?

I have the archive ready if you need it (I won't post here as it may be prohibited to distribute malware).

 

Ukko

Hello,

 

Sorry for my reply.

Maybe if I normally understand your situation.... it's can be related with my next "experience about explanation... why it's work like that" and maybe situation not as design (?!).

 

https://community.f-secure.com/t5/Home-Security/TP146-Windows-client-release/m-p/74118/highlight/true#M2463

 

About part of "Many detections per moment."

 

Sorry again.

Thanks.

Lord_Ami

Thanks, seems to be the same issue. Mine is a bit different since from extraction, some files that are deleted are visible from the Events but some are not. Even thou I Close that window