TP149 - is Recent events working correctly?

Lord_Ami
Lord_Ami Posts: 70 Active Engager

So in VM I tend to test protection capabilities. Now, I have password protected archive with malware inside and as soon as I extract it, FS deleted 3 files right away.

Original archive contents: http://snag.gy/EsL6U.jpg

 

It leaves 4 files as shown here:

http://snag.gy/0nKij.jpg

 

Now, the Recent events shows only 1 file detected

http://snag.gy/JA6qn.jpg

 

After running remaining files, they are blocked and it's visible from the UI

http://snag.gy/u9xlP.jpg

 

 

Am I doing something wrong? Where are 2 files that were supposed to be blocked (but not shown in log)?

I have the archive ready if you need it (I won't post here as it may be prohibited to distribute malware).

 

Comments

This discussion has been closed.