Solved: Splunk Fish Bucket indicating Virus

indra_wijaya · ‎09-12-2012

Hi Guys,

I have a problem related to Splunk Fishbucket..
When I run my full scan on Splunk server, it found a Trojan on the fishbucket folder.
C:\Program Files\Splunk\var\lib\splunk\fishbucket\4069420869.tmp

Any idea why this is indicated as a Virus?

adamw · ‎09-12-2012

It's likely there used to be a virus with a similar file name, ending in tmp. Some AV programs trigger on any tmp file not actually in the Windows tmp/temp folder, but this is likely a false positive.

View solution in original post

indra_wijaya · ‎09-14-2012

Hi adamw,

Thank you for your reply.. So this is just a false positive alert.. I see then.. Thank you for your response..

adamw · ‎09-12-2012

It's likely there used to be a virus with a similar file name, ending in tmp. Some AV programs trigger on any tmp file not actually in the Windows tmp/temp folder, but this is likely a false positive.

Splunk Fish Bucket indicating Virus

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation