This post is more than 5 years old
44 Posts
0
672
June 7th, 2011 13:00
hidden.app
Hello all, I was wondering if anyone has seen this before.
I am receiveing many (thousands) event id 560's in my secuity logs regarding successful "object" access to a file called hidden.app within different users personal folders/drives. I have CIFS which contain many user mapped drives and data but home directory option is not setup. I simply have shares/exports designated for individuals.The alert for these 560s is being reported via our RSA envision product.
Interestingly the hidden.app file appears and reappears without intervention. I have been looking for details on this file and file type and haven't turned up any good results yet.
Does anyone know what this might be? Is it Celerra specific, or is it as I think some profile based app call to a users mapped drive.
Celerra NS42G
v5.6.49.3
0 events found