
FIX: prevent ISO image from triggering common AV false positives

Open dougburks opened this issue 3 years ago • 0 comments

We frequently get questions about antivirus alerting for files on the ISO image in SecurityOnion\agrules\strelka\yara\. From https://docs.securityonion.net/en/2.3/download.html: [image]

One option might be to put SecurityOnion\agrules\strelka\yara\ into a password-protected zip file and then only extract when necessary.

dougburks, Feb 23 '22 16:02