It looks like the rootkit detector is going nuts over alternative data 
streams that Windows is creating by default.  See: 
https://superuser.com/questions/1199464/alternate-data-stream-win32app-1-attached-to-a-large-number-of-folders

Apparently in Windows 10 the "Storage Service" is creating these streams.

Is it possible to modify the rootkit detector to ignore alternative data 
streams named "Win32App_1" that have no data?
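
One way to check on an affected host that the flagged streams match the pattern described above (named "Win32App_1" and zero bytes long), as an added example that is not part of the original message and not OSSEC code. It assumes PowerShell 7.2 or later, where `Get-Item -Stream` also works on directories; the function name `Get-AdsTriage` and the `C:\Users` starting folder are hypothetical choices for illustration.

```powershell
# Added example: triage alternate data streams under a folder.
# Requires PowerShell 7.2+ (Get-Item -Stream on directories).
# Get-AdsTriage and the default $Root are assumptions, not OSSEC names.
function Get-AdsTriage {
    param(
        [string]$Root = 'C:\Users',          # assumed starting folder
        [string]$BenignName = 'Win32App_1'   # stream name from the post
    )

    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Enumerate every stream attached to this file or directory.
            Get-Item -LiteralPath $_.FullName -Stream * -Force -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |   # drop each file's default stream
        ForEach-Object {
            [pscustomobject]@{
                Path    = $_.FileName
                Stream  = $_.Stream
                Length  = $_.Length
                # Only a zero-length stream with the expected name is set aside;
                # a Win32App_1 stream that carries data still goes to review.
                Verdict = if ($_.Stream -eq $BenignName -and $_.Length -eq 0) {
                              'empty Win32App_1'
                          } else {
                              'review'
                          }
            }
        }
}

$results = Get-AdsTriage -Root 'C:\Users'

# Summary: how many streams fall into each bucket.
$results | Group-Object Verdict | Select-Object Name, Count

# Everything that is not an empty Win32App_1 stream, for manual inspection.
$results | Where-Object Verdict -eq 'review' |
    Format-Table Path, Stream, Length -AutoSize
```

Other common streams, such as `Zone.Identifier` on downloaded files, will also appear under `review`.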
