Filr 3 Clients
Trend Micro Anti-Virus.
NTRtScan.exe seems to be triggering file downloads and should be included in the default blacklisted processes in the next Filr Update.
This process seems to be the Trend Micro AV suite.
The Desktop client logs show entries similar to:2018-06-15 20:30:46,633 [INFO] [Method: CFilterDownloadRequestHandler::ProcessDownload][File: FilterDownloadRequestHandler.cpp] [Line: 260] [Last Error: 0] [Process ID: 7220] - [Thread ID: 7512] : [NTRtScan.exe is downloading Net Folders\Data\Clusters\OES\2018\Node01\Downloads\Micro Focus\Patches.zip]
In Filr 3.4.2 and later code, available over the Filr update channels this executable is made part of the default blacklisted applications.
With NTRtScan.exe not blacklisted, it is able to access all data via the Filr Merged View folder, and trigger an unsolicited download of all data available via the Filr's filesystem.