Is this resolution still valid? (WAX***.TMP)

In this discussion it turns out that the alarm was recognised as false. ( WAX***.TMP)

So is this resolution still valid, where F-secure product recognises a WAX*.tmp -file as trojan? The WAX*.tmp file can't be found.

Answers

  • Ukko
    Ukko Posts: 3,611 Superuser

    Hello,

    I think it is not necessary that "WAX*.tmp" belongs to a certain application or process. However, even by search web - it is a quite popular pattern name for .tmp files under Windows/TEMP. So, based on this and previous topic - likely still false positive (if to assume that those temporary files created by 'one' application with all situations).

    But good to know a bit more about your experience. For example, what is exact detection name? Did you run Full Scan as double check against other detections? Could you check some installation applications / addons / extensions against 'tricky / suspicious' ones. And, for example, to find out when detection flyer is appeared (whether a certain application is launched or so)?

    And, actually, F-Secure solutions with some changes in detection logic / abilities - thus, good to contact them about this subject. If your quarantine with these detected items - then, for example, to create "dump" from Quarantine - How can I recover quarantined items from quarantine manually? - F-Secure Community (f-secure.com)

    And to transfer for re-analysis - https://www.f-secure.com/en/business/support-and-downloads/submit-a-sample

    In general, ".tmp" can be anything and there cannot be decision only on its name. If detection for these files (previously marked as "false positive") is back - can be so and it is a likely situation.

    Thanks!

This discussion has been closed.
Pricing & Product Info