WatchGuard Support Center

Knowledge Base - Article

 TDR classifies temp files from Windows BITS as Malicious

Products: TDR
Operating System: TDR
Issue Status: Open
Tracking ID: TDR-176
Status: Open
Resolved In:
The TDR Host Sensor may classify temporary files from Windows Background Intelligent Transfer Service (BITS) as malicious. These files are located in %APPDATA%\local\temp\ with names such asĀ BITxxxx.tmp.

These files are benign and do not pose a threat.
Add a custom exclusion in TDR:
  1. In the TDR Web UI, navigateĀ to Configuration > Exclusion.
  2. Add a new exclusion for files matching c:\Users\*\Appdata\Local\Temp\BIT*.tmp
There is no security risk in creating this exclusion. The temporary file in this location is incomplete and does not pose a threat. When the file download is complete, the temporary file is renamed and moved to its final destination. The TDR Host Sensor detects this move and fully scans the file when it is downloaded.