Difficult to investigate AV flagging infections from within cache2\entries\

  • 3 replies
  • 0 have this problem
  • 1 view
  • Last reply by han_nosolo


Hi all,

Seeing a few files getting flagged by AV from within the \appdata\...\cache2\entries\ location, trouble is cannot investigate further / quarantine / whitelist, because of the nature of the cached files, rendered as a series of letters/numbers, without extension... they also appear to be auto-deleted before it's possible for AV to interrogate further.

Presuming chances are these are false-positive flags, but would be good to be able to verify this one way or another.

Similar files seem to exist for Firefox users generally, but vast majority are not currently flagged.

Any thoughts/ideas/similar experiences appreciated...


All Replies (3)


I should probably add: cache clearing, reset, clean, re-install of Firefox and manual deletion of folders, does not necessarily help resolve this - flags can still return after reinstall.

Currently 'best solution' seems to be cache set to clear on browser closing, but wondering if more effective solution possible to avoid this as an ongoing issue, where the usual AV investigation not possible.


What AV software do you have?

That is likely a false positive as this is a file in the Firefox disk cache folder, see:


Hi cor-el,

Thanks for your reply - Yeah this does seem to be most likely, we're using Heimdal and I'm in touch with them about it, but the difficulty is there doesn't appear to be an easy way to confirm one way or another, and so repeat alerts create noise in terms of AV flagging, and potential difficulties for users where auto AV protections kick in on flagging - For example, some user restrictions can be triggered by AV flags.

Ordinarily AV analysis might allow interrogation of the flagged file, but in this case there seems to be no way to achieve this... unclear if there's currently a way round this, but thought I'd ask as could become a more common issue with heuristic ID'ing of potential threats.
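
Added example, not part of the thread and not Mozilla's code: one way to triage a flagged cache2\entries file is to read the metadata Firefox appends after the cached body, which records the URL the content was fetched from. The layout used here (body, then big-endian metadata, then a trailing 4-byte metadata offset) and the 256 KiB chunk size are assumptions about the cache2 on-disk format; the function names are hypothetical and the sample entry is constructed.

```python
import hashlib
import struct

CHUNK_SIZE = 256 * 1024  # assumption: cache2 keeps one 2-byte hash per 256 KiB chunk


def parse_cache2_entry(raw: bytes) -> dict:
    """Return triage fields for one cache2 entry file (body followed by metadata)."""
    if len(raw) < 4:
        raise ValueError("too short to be a cache2 entry")
    # Last 4 bytes: big-endian offset of the metadata, i.e. the body length.
    (body_len,) = struct.unpack(">I", raw[-4:])
    chunks = -(-body_len // CHUNK_SIZE)  # ceiling division
    hdr = body_len + 4 + 2 * chunks  # skip metadata checksum and chunk hashes
    end = len(raw) - 4
    if hdr + 28 > end:
        raise ValueError("metadata offset outside file: truncated or not cache2")
    version, fetches, fetched, _mod, _frec, expires, key_len = struct.unpack(
        ">7I", raw[hdr:hdr + 28])
    key_at = hdr + (32 if version >= 2 else 28)  # v2+ adds a 4-byte flags field
    if key_at + key_len > end:
        raise ValueError("key length runs past end of file")
    body = raw[:body_len]
    return {
        "key": raw[key_at:key_at + key_len].decode("utf-8", "replace"),  # holds the URL
        "version": version,
        "fetch_count": fetches,
        "last_fetched": fetched,  # Unix seconds
        "expires": expires,  # Unix seconds
        "body_len": body_len,
        "body_sha256": hashlib.sha256(body).hexdigest(),  # hash to pass to the AV vendor
        "body_magic": body[:4].hex(),  # 1f8b... means the body is stored gzip-compressed
    }


def build_sample_entry(body: bytes, key: str) -> bytes:
    """Constructed test input: a minimal version-3 entry with checksums zeroed."""
    chunks = -(-len(body) // CHUNK_SIZE)
    k = key.encode()
    header = struct.pack(">8I", 3, 2, 1700000000, 1700000000, 0, 1700003600, len(k), 0)
    meta = b"\x00" * (4 + 2 * chunks) + header + k + b"\x00"
    return body + meta + struct.pack(">I", len(body))


if __name__ == "__main__":
    sample = build_sample_entry(b"console.log('hi');", ":https://example.test/app.js")
    for field, value in parse_cache2_entry(sample).items():
        print(f"{field}: {value}")
```

Run it against a copy of the flagged file taken before the cache evicts it; the same URL-to-entry mapping can be browsed interactively in Firefox at about:cache.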