There are numerous ways to decode a signature that may be causing you a false positive:
For example:
sigtool –find-sigs “Sanesecurity.Junk.9729”
sigtool –decode-sigs
or
grep “Sanesecurity.Junk.972” junk.ndb|sigtool –decode-sigs
There are numerous ways to decode a signature that may be causing you a false positive:
For example:
sigtool –find-sigs “Sanesecurity.Junk.9729”
sigtool –decode-sigs
or
grep “Sanesecurity.Junk.972” junk.ndb|sigtool –decode-sigs
Permanent link to this article: https://sanesecurity.com/support/signature-decoding/