Hi iDeNt_5,
Thanks for sharing the case number. I was able to reproduce, and it's not really about the component, it's about the .Explorer part of the name which is being parsed as an extension, which is a real extension used by the Explorer ransomware, so a case of unfortunate naming + match.
Agree though that it should be handled better. Will discuss internally best way to handle, but for now please continue using the exclusion.
Thanks for sharing the case number. I was able to reproduce, and it's not really about the component, it's about the .Explorer part of the name which is being parsed as an extension, which is a real extension used by the Explorer ransomware, so a case of unfortunate naming + match.
Agree though that it should be handled better. Will discuss internally best way to handle, but for now please continue using the exclusion.
Statistics: Posted by david.domask — Jul 21, 2025 10:04 am
