
[FP] foobar2000 integrated build: foo_lastfm_img.vbs false positive

Open tty228 opened this issue 9 months ago • 2 comments

  • Windows version: Windows 11 23H2
  • Huorong version: 6.0.6.1
  • Huorong log:
触犯规则:Suspicious.ScriptHost.A
操作类型:【执行】
操作文件:C:\WINDOWS\System32\conhost.exe
操作结果:已阻止

进程ID:10772
操作进程:D:\Program Files\foobar2000\profile\foo_uie_jsplitter\package_data\{BA9557CE-7B4B-4E0E-9373-99F511E81252}\foo_lastfm_img.vbs
操作进程命令行:C:\Windows\System32\cscript.exe //nologo "D:\Program Files\foobar2000\profile\foo_uie_jsplitter\package_data\{BA9557CE-7B4B-4E0E-9373-99F511E81252}\foo_lastfm_img.vbs" https://lastfm.freetls.fastly.net/i/u/5014ab4c6883863caec865146b52bc88 "D:\Program Files\foobar2000\profile\foo_uie_jsplitter\package_data\{BA9557CE-7B4B-4E0E-9373-99F511E81252}\biography-cache\art_img\t\Taylor Swift\Taylor Swift_5014ab4c6883863caec865146b52bc88.jpg" 
父进程ID:32368
父进程:D:\Program Files\foobar2000\foobar2000.exe
父进程命令行:"D:\Program Files\foobar2000\foobar2000.exe" 
  • Screenshot (optional)

  • Trigger scenario: foobar2000 integrated build; when a song is played, it automatically fetches the album cover from lastfm

  • Windows version

  • Huorong version

  • Huorong logs (open the Huorong log interface, select the corresponding logs, export/copy-paste them here)

  • Screenshots (optional)

  • Methods to reproduce the issue (optional)

Automatic handling: Image

tty228 avatar May 25 '25 15:05 tty228

Fixed in my fork: https://github.com/colinxu2020/Huorong-ATP-Rules/tree/master.

It's likely that this project is not maintained by @JerryLinLinLin any more. Wishing he will accept my Pull Request (#29).

colinxu2020 avatar Jun 01 '25 12:06 colinxu2020

You can download the most recent release from https://github.com/colinxu2020/Huorong-ATP-Rules/releases/, which has fixed the false-positive report.

colinxu2020 avatar Jun 01 '25 12:06 colinxu2020