App Control: Why is Parity.sys seen in a System process's stack trace if that file/directory is excluded via a rule?

Environment

  • App Control Agent: All Versions
  • App Control Console: All Versions
  • App Control Server: All Versions
  • Microsoft Windows: All Supported Versions

Question

Why is Parity.sys seen in a System process's stack trace if that file/directory is excluded via a rule?

Answer

This is expected: Parity.sys will touch the file/directory in an excluded folder whenever a file operation is performed on that folder.

Additional Notes

This occurs so that the console has the information it needs to match the path against the existing kernel exclusions. If the path matches an exclusion, the operation is ignored and no further analysis happens.

Creation Date: 04-13-2022