Deployment Architecture

Splunk Fish Bucket indicating Virus

indra_wijaya
Engager

Hi Guys,

I have a problem related to Splunk Fishbucket..
When I run my full scan on Splunk server, it found a Trojan on the fishbucket folder.
C:\Program Files\Splunk\var\lib\splunk\fishbucket\4069420869.tmp

Any idea why this is indicated as a Virus?

Tags (1)
0 Karma
1 Solution

adamw
Communicator

It's likely there used to be a virus with a similar file name, ending in tmp. Some AV programs trigger on any tmp file not actually in the Windows tmp/temp folder, but this is likely a false positive.

View solution in original post

indra_wijaya
Engager

Hi adamw,

Thank you for your reply.. So this is just a false positive alert.. I see then.. Thank you for your response..

0 Karma

adamw
Communicator

It's likely there used to be a virus with a similar file name, ending in tmp. Some AV programs trigger on any tmp file not actually in the Windows tmp/temp folder, but this is likely a false positive.

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...