You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@dougburks definitely the same, very strange that this is being created constantly. So the real question should be, how can we weed out those valid streams from the scans?
OSSEC HIDS reports this
In this and a few other folders.
I have confirmed that no alternative data streams are set with
The folders that OSSEC HIDS find have the same thing in common, they have the "a" attribute set to them.
This can be seen also in the properties for the folder under advanced, there "Folder is ready for archiving" is ticked.
Is this a bug in the client? and if so, is it properly tracking alternative data streams at all?
The text was updated successfully, but these errors were encountered: