MaximumOctopus / FolderScanUltra

Console based folder/drive scanner. Many report types, detailed output, compare, can store results in a database.
MIT License

FolderScanUltra detected by CrowdStrike as malware #2

Open pauldurham opened 3 months ago

pauldurham commented 3 months ago

Hi Paul,

I am the IT End User Computing lead for our company and we have CrowdStrike deployed on all PCs. I just ran FSU 5.10 on Windows 11 Enterprise with the below parameters and it triggered CrowdStrike to block its activity and flag it as malware. The FSC.exe and related files were not themselves detected as risky while at rest (i.e. not being executed).

fsu.exe c:\ /sum /users /extensions

Just letting you know so you can possibly work around this.

Thanks.

MaximumOctopus commented 2 months ago

Thanks for letting me know. I'll do some investigating...!

pauldurham commented 2 months ago

No problem. Let me know if you wish me to test an updated version.

MaximumOctopus commented 2 months ago

Thanks again. I've reached out to the CrowdStrike false positive team. I think it's possibly down to the application's "excessive" calls to the Windows API functions FindFirstFileW() and FindNextFileW(), but I'm not 100% sure, though I can't think of anything else it could be.