Not running Windows anyway, so I've already taken the opportunity to disable this rule entirely. Still, figured it was worth reporting an "out-of-the-box" false positive, as per the documentation in crs-setup.conf.
It looks like the word "Call" on a new line (following "\x0a") is triggering the rule. Relevant portion of audit logs follow.
Not running Windows anyway, so I've already taken the opportunity to disable this rule entirely. Still, figured it was worth reporting an "out-of-the-box" false positive, as per the documentation in crs-setup.conf.
It looks like the word "Call" on a new line (following "\x0a") is triggering the rule. Relevant portion of audit logs follow.
Audit Logs / Triggered Rule Numbers
Your Environment
Confirmation
[x] I have removed any personal data (email addresses, IP addresses, passwords, domain names) from any logs posted.