We are running KES Advances V11 and we have a small quantity of users that use Roaming Profiles.
At the end of their sessions, their profiles are transfered to the main file server as is usual. For the last three days we are now recieving alerts of “cryptor style“ variants due to the files that MS Teams uses for it own caching purposes. The files are sequentially named f_000XX etc ..
The files are held within the following directory
Does anyone else have this same problem and what would be the correct solution in order to avoid these false positives.
Strangely enough it doesn’t create an alert on the users machine only on the file server.