VirtualBench

cancel
Showing results for 
Search instead for 
Did you mean: 

Virtualbench 18.0.0.49152 and temporary files

In our student lab, Virtualbench software (specifically virtualbench.exe) is triggering a custom anti-virus rule because it is creating files with random 8 character names and the extension .ryk in the folder %userprofile%\appdata\local\temp\WPF. This is happening with virtualbench.exe launched from a locally-installed copy, and from the version that is invoked from the launcher provided by the device itself.

 

I need to know if these temporary files are created by Virtualbench as part of its normal operation, as the extension .ryk is used by the Ryuk ransomware for the encrypted files it drops. I do think that this is probably a false positive, but I need to take an assurance of this to my institute's security team for them to add an exception to the rule.

 

Thanks in advance for any assistance. Please contact me if you need more details.

0 Kudos
Message 1 of 1
(93 Views)