Many forms of ransomware create files with certain filename patterns.  If users or applications create files that match one or more of these ransomware filename patterns, the file may be flagged as potential ransomware.

If files are triggering ransomware false positives, you can change the name of the files or whitelist the filename pattern to prevent the system from flagging them.

To whitelist a ransomware filename pattern:

1. Go to Morro Audit.

2. Click Alerts in the left side menu.

3. Enter a regular expression in the whitelist field to prevent the filename pattern from being flagged as ransomware.

4. Click Save.

For more information about ransomware alerts, see: