Decoy Notifications

We have enabled Decoy files on a lot of endpoints and this seems to be generating false positives.

Is there a way to prevent these from being sent or at least categorically identify these as decoy detections and avoid unnecessary notifications?

Notification details as follows:
Name: Trj/RansomDecoy.A
Path: TEMP|\489314D86C55A948A225789DB7A93229_000000004D5F663E.tmp
Hash: 865C0C0B4AB0E063E5CAA3387C1A8741

Comments

  • David_Carro WatchGuard Representative

    I have just sent a PM to you; let me know if you have any further issues.

    David


    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • Hi, we're having the same issue. How was it resolved?

    Kind regards,

    Alessandro

  • David_ WatchGuard Representative

    Hi, Cicciopalla.

    I have just sent you a PM.

    David

  • I have the same issue with Panda,

  • Carmen_Gomez WatchGuard Representative
    edited January 2023

    Hi BillyBrannum153,

    I am sending you a PM

    Regards,

    Carmen Gomez | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • I have the same issue

  • David_ WatchGuard Representative

    Hi, mchavez
    PM sent.
    Let us know if there are further issues.

  • Rosa WatchGuard Representative

    Hi mchaves

    I am sending you a PM

    Regards,

    Rosa

  • Hi,

    we have the same messages on endpoint protection clients.

    Regards,

    Mark

  • Carmen_Gomez WatchGuard Representative
    edited February 21

    Morning,

    Anyone experiencing this issue please open a case with support by clicking the support center link at the top of this page.

    Thanks for your collaboration.
    Regards,

    Carmen Gomez | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • We've got the same "problem".
    So it's still not resolved.

  • David_Carro WatchGuard Representative
    edited February 21

    Hi, ottl05,

    Please create a support case by clicking on the support center link at the top of this page.

    Please include your client ID and contact info so we can study your case in depth.

    Kind Regards,

    David


    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • @David_Carro said:
    Hi, ottl05,

    Please send an email requesting support to:
    [email protected]

    so we can study your case in depth.

    Kind Regards,

    David

    Hi David,

    I'm having the same issue. Should I send you a PM or send an email to [email protected]?

    Thanks!

  • james.carson Moderator, WatchGuard Representative

    Hi @KLAW
    Sending an email or opening a support case via the support center button at the top of this page will get you in contact with the support team. If you're experiencing this issue, please use whichever method you prefer.

    -James Carson
    WatchGuard Customer Support

  • Hi, we're having the same issue. How was it resolved?

  • David_Carro WatchGuard Representative
    edited February 21

    Hello All,

    When we deployed the Decoy Files feature, we had some false detections due to programs interacting with our decoy files. Those were solved by changing the conditions for triggering detections.

    If at this point in time, you do have detections on the decoy files, we do have to study the cases independently, as it might be related to a completely different issue, and the source probably is completely different.

    Please create a support case by clicking on the support center link at the top of this page.

    Please note your client ID and contact details, so we can study your case in depth.

    Kind Regards,

    David


    David Carro | Technical support
    WatchGuard Technologies, Inc. | www.watchguard.com

  • Hi, we're having the same issue. How was it resolved? I have Panda endpoint.

    Kind regards,

  • james.carson Moderator, WatchGuard Representative

    Hi @EduardsB
    There are quite a few different factors - I'd suggest creating a support case so that we can look into your issue specifically.

    -James Carson
    WatchGuard Customer Support
