(imported topic written by Badaz0691)
Sorry for the intrusion, not a bigfix user but am supporting a bigfix customer. We have an A/V product installed with which we can setup and monitor files being accessed. In this particular instance, we’ve set the file up to block any execute or write action, although read and access is permitted. It seems during the scans, the particular file is being not just viewed, but that the exe is being opened, which is the same as an execution, so the A/V is kicking off an alert. (using Filemon we saw this)
Is this something particular to the way the customer has the scan setup within BigFix, or is it SOP? Any idea on where I can get some literature if need be, so I can dig deeper down into this?
TIA!
Jeff