I am having a hard time chasing down some hits inside archive files. The logs forwarded to SEPM and syslog give the file/path field as ">>file" which I assume means it was found inside a packed archive. Without additional information on the parent archive, these become extremely difficult to chase down. More information on the archive detection would be very useful.
↧