
Suspicious files found in _restore A00xxxxx.exe

Sophos Enterprise Console keeps reporting files in C:\System Volume Information\_Restore\.... The files look like A00xxxxx.exe and A00xxxxx.dll. They are reported as suspicious files, Sus\UnkPacker. The question is: are these files really OK (should I acknowledge them), or are they truly "bad" and should I turn off System Restore? Thank you.

  • Hello HHCCarl,

    Sus\Unk... is "just" suspect. Usually there is a preceding alert (which might have been some time ago) report for the original files. When files are written to a restore point they are renamed; the numbers are sequential but the original extension is kept. If you really want to know whether they are good or bad you'd have to pack them up and send them in to Support. You probably have to modify the security settings for C:\System Volume Information.

    Christian
