Decoy Notifications
We have enabled Decoy files on a lot of endpoints and this seems to be generating false positives.
Is there a way to prevent these from being sent or at least categorically identify these as decoy detections and avoid unnecessary notifications?
Notification details as follows:
Name: Trj/RansomDecoy.A
Path: TEMP|\489314D86C55A948A225789DB7A93229_000000004D5F663E.tmp
Hash: 865C0C0B4AB0E063E5CAA3387C1A8741
0
Sign In to comment.
Comments
I have just send a PM to you, let me know if you do have any further issues.
David
David Carro | Technical support
WatchGuard Technologies, Inc. | www.watchguard.com
Hi, we're having the same issue. How was it resolved?
Kind regards,
Alessandro
Hi, Cicciopalla.
I have just sent you a PM.
David
I have the same issue with Panda,
Hi BillyBrannum153,
I am sending you a PM
Regards,
Carmen Gomez| Technical support
WatchGuard Technologies, Inc. | www.watchguard.com
I have the same issue
Hi, mchavez
PM sent.
Let us know if there are further issues.
Hi mchaves
I am sending you a PM
Regards,
Rosa
Hi,
we have the same messages on endpoint protection clients.
Regards,
Mark
Morning,
Anyone experiencing this issue please open a case with support by clicking the support center link at the top of this page.
Thanks for your collaboration.
Regards,
Carmen Gomez| Technical support
WatchGuard Technologies, Inc. | www.watchguard.com
We´ve got the same "problem".
So it´s still not resolved.
Hi, ottl05,
Please create a support case by clicking on the support center link at the top of this page.
Please include your client ID and contact info so we can study your case in depth.
Kind Regards,
David
David Carro | Technical support
WatchGuard Technologies, Inc. | www.watchguard.com
Hi David,
I'm having the same issue. Should I send you a PM or send a email to support@watchguard.com?
Thanks!
Hi @KLAW
Sending an email or opening a support case via the support center button at the top of this page will get you in contact with the support team. if you're experiencing this issue, please do which ever method you prefer.
-James Carson
WatchGuard Customer Support
Hi, we're having the same issue. How was it resolved?
Hello All,
When we deployed Decoy Files Feature, we had some false detections due to programs interacting with our decoy files. Those where solved by changing the conditions for triggering detections
If at this point in time, you do have detections on the decoy files, we do have to study the cases independently, as it might be related to a completely different issue, and the source probably is completely different.
Please create a support case by clicking on the support center link at the top of this page.
Please note your client ID and contact details, so we can study your case in depth.
Kind Regards,
David
David Carro | Technical support
WatchGuard Technologies, Inc. | www.watchguard.com
Hi, we're having the same issue. How was it resolved? I have Panda end point Kind regards,
Hi @EduardsB
There's quite a few different factors - I'd suggest creating a support case so that we can look into your issue specifically.
-James Carson
WatchGuard Customer Support