redahan

Non binary log file from cloud provider

Windows machine

Harmless log of sync activity with one of the most secure cloud providers. Text only; not attaching it, as it has plain-language details of my sync activity.

MW got spooked by it despite it being there for 11 days (the logs get archived and renamed .1, .2, etc.).

Offending filename is user/appdata/local/sync.logs/sync-refresh.log


Hi,

I really need more info.

Do you mean we detect the sync-refresh.log file?

Can you zip and attach the detection log? (please no screenshot, but the log where this detection is displayed)

Thanks!

4 minutes ago, miekiemoes said:

Do you mean we detect the sync-refresh.log file?

Exactly, which is very silly.

4 minutes ago, miekiemoes said:

Can you zip and attach the detection log?

No, as I said, it is a plain-language log file of sensitive details.


I mean the detection log file where the detection is displayed.

This is so we have a better idea of what it is detected as (what RuleID), so we can figure out why it was detected, and so we also know what detection rule we need to review.


Hi,

Are you sure this is a log and not a binary/PE file? Because the machine learning engine that is detecting this only supports detecting PE files.

Please note that having a .log extension doesn't mean it can't be a PE file, as you can rename any file to something different.

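The point in the post above, that a .log extension does not rule out a PE file, can be checked from the file's own header rather than its name. This is an added example, not part of the original thread and not the vendor's code; the function names and the sample byte strings are constructed for illustration.

```python
import io
import struct

def pe_check(stream):
    """Classify a binary stream by content, ignoring the file name.

    Returns 'pe', 'mz-no-pe-signature' or 'not-pe'.
    """
    dos = stream.read(0x40)                      # DOS header is 64 bytes
    if len(dos) < 0x40 or dos[:2] != b"MZ":
        return "not-pe"
    # e_lfanew at offset 0x3C: little-endian offset of the PE signature
    (e_lfanew,) = struct.unpack_from("<I", dos, 0x3C)
    stream.seek(e_lfanew)
    if stream.read(4) != b"PE\x00\x00":
        return "mz-no-pe-signature"              # starts with MZ but is not a PE image
    return "pe"

def pe_check_path(path):
    """Run the same check on a file on disk, opened read-only in binary mode."""
    with open(path, "rb") as fh:
        return pe_check(fh)

def _constructed_pe_header():
    """Build a minimal header (not a runnable program) with MZ and PE signatures."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)      # PE signature placed at 0x80
    coff = struct.pack("<H", 0x8664) + b"\x00" * 18
    return bytes(dos) + b"\x00" * 0x40 + b"PE\x00\x00" + coff

# Constructed samples: the names all end in .log, only the bytes differ.
SAMPLES = {
    "text.log": b"2021-01-01 12:00:00 refresh ok\r\n" * 4,
    "renamed.log": _constructed_pe_header(),
    "truncated.log": b"MZ" + b"\x00" * 0x3E,
}

def classify_samples():
    return {name: pe_check(io.BytesIO(data)) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{verdict:20} {name}")
```

Running `pe_check_path` on the flagged file locally answers the PE question without sharing the file's contents.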

Yes, plain text log.
Standard stuff.
Whitelisted.
I will alert the cloud company that MW doesn't like their log files.


This is really impossible on a log file, because, as I said above, our machine learning engine only supports detection of PE files.

But given you can't provide this "log-file", there's no way I can check it out either/reproduce this.

Please let the cloud company know about this and have them contact us if they are seeing the same, but I really doubt they do, because we would have heard about this for a while already.

Thanks!
