Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 6 subscribers
  • Views 2234 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

tmp.edb hidden but not recommended for removal

bizwax

Just ran a scan on a Win7 system that has been behaving badly. One unknown file free Sophos found "hidden" in the Windows/softwaredistribution/datastore/log dir called "tmp.edu" cannot be seen in the folder view even when the view hidden files option is ticked. Funny it seemed every link to info about this file was dead on answer.microsoft.com. Probably nothing, but wondering if sophos has shown this file to others.  Sophos suggests not cleaning this file.

Thanks

:1002957


This thread was automatically locked due to age.
Parents
  • 0

    Hi bizwax,

    What detection name came up for that file?

    The Free MacSAV HE product contains the same detection engine as our enterprise Windows SAV product, so we detect rootkits such as TDSS if they're leaving accessible files anywhere.  However, this could just be a legitimate temp file that's being detected due to the method of mounting and scanning the drive.  Without more information I couldn't say for sure.

    :1003025
Reply
  • 0

    Hi bizwax,

    What detection name came up for that file?

    The Free MacSAV HE product contains the same detection engine as our enterprise Windows SAV product, so we detect rootkits such as TDSS if they're leaving accessible files anywhere.  However, this could just be a legitimate temp file that's being detected due to the method of mounting and scanning the drive.  Without more information I couldn't say for sure.

    :1003025
Children
No Data