Filr Desktop Client for Windows allows blacklisted processes to trigger file downloads

  • 7018456
  • 06-Jan-2017
  • 12-Dec-2017

Environment

Micro Focus Filr Desktop Client for Windows
Novell Filr Desktop Client for Windows

Situation

Filr Desktop client can trigger downloads for large numbers of online files when workstation-based applications, such as antivirus scanners and backup software, request access to them. Downloading the files stored in Net Folders can quickly fill up a local disk. As documented in the Filr Administration Guide, please ensure that the Whitelist/Blacklist is up to date and includes all such applications.

In some cases, it was reported that the AVG and Kaspersky scanners were able to trigger file downloads even though the applications were present in the Blacklist.



Resolution

An updated fix for this issue is available in Filr 3.3 Update. A fix was previously available in Filr 2.0 - Hot Patch 4 (for Filr 2.0) and in Filr 3.1 Update (for Filr 3.0).

Cause

In some situations, the list of blacklisted applications was being returned as NULL, resulting in file downloads being triggered by blacklisted applications.
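
The failure mode described above is a fail-open policy check: a list that could not be retrieved is treated the same as an empty list. The following is an added illustration of that pattern next to a fail-closed variant. It is not Filr code, and every function name, class name and sample path in it is hypothetical.

```python
# Illustrative model only: not Filr code. All names here are hypothetical.
import ntpath
from typing import Callable, Iterable, Optional

Loader = Callable[[], Optional[Iterable[str]]]

def _image_name(process_path: str) -> str:
    # Windows image names are case-insensitive; compare the lowercased basename.
    return ntpath.basename(process_path).lower()

def may_download_fail_open(process_path: str,
                           blacklist: Optional[Iterable[str]]) -> bool:
    """Defect pattern: a missing (None) list is treated like an empty one."""
    blocked = {name.lower() for name in (blacklist or [])}
    return _image_name(process_path) not in blocked

class DownloadPolicy:
    """Fail-closed variant that keeps the last successfully loaded list."""

    def __init__(self, loader: Loader):
        self._loader = loader
        self._last_good: Optional[frozenset] = None

    def may_download(self, process_path: str) -> bool:
        loaded = self._loader()
        if loaded is not None:
            # An empty list is a valid policy; None means the lookup failed.
            self._last_good = frozenset(name.lower() for name in loaded)
        if self._last_good is None:
            # No list was ever loaded: refuse rather than download for everyone.
            return False
        return _image_name(process_path) not in self._last_good

def demo() -> dict:
    # Constructed sample data: the scanner image name and path are made up.
    responses = iter([["scanner.exe"], None])  # the second lookup fails
    policy = DownloadPolicy(lambda: next(responses))
    scanner = r"C:\Program Files\Vendor\Scanner.exe"
    return {
        "fail_open_with_list": may_download_fail_open(scanner, ["scanner.exe"]),
        "fail_open_with_none": may_download_fail_open(scanner, None),
        "hardened_with_list": policy.may_download(scanner),
        "hardened_after_none": policy.may_download(scanner),
    }

if __name__ == "__main__":
    print(demo())
```

In the fail-open function the scanner is blocked while the list is present and allowed as soon as the lookup returns nothing; the hardened class keeps blocking it from the last good list.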

Additional Information

To determine which application(s) are making the Filr files available offline, you can investigate the %LOCALAPPDATA%\Novell\Filr\ServiceProvider.log file.

This file is useful for determining whether the downloading application is indeed a scanner or another application. However, please be aware that this log file also contains the regular file downloads requested by the Filr Desktop client.

If the application performing the unsolicited downloads is explorer.exe or svchost.exe and the files are mostly compressed archives, have a look at TID 7018138.

An additional advantage of configuring the scanner application to exclude the virtual file system represented by the Filr folder is that it reduces the number of REST requests made by the desktop to list the files and folders that are available via the Filr infrastructure. This reduces the load on both the workstation and the Filr appliance(s). Therefore, there is no harm in permanently excluding the Filr folder from being scanned.

In case the workstation is configured with the default proposed configuration, the data that has been made available offline is stored under "%LOCALAPPDATA%\Filr Storage".
This folder can be scanned, without impact on files being downloaded or additional load on the Filr infrastructure.

To remove the data that was downloaded unsolicited, right-click a top-level folder in the Filr Area and select "Make available online-only".