During the course of a Spirion search, anti-virus applications may create an alert for files created in a subfolder of IDFTmpDir located in the user profile folder. This is not a problem with Spirion, but rather indicates that the user's system already contains one or more infected files.
The files in IDFTmpDir are created during a search, specifically and most commonly when extracting files from archives (e.g., .zip files) or when detaching them from e-mail messages. To search these files, Identity Finder places them in a temporary folder and then attempts to open them for read access. If the file has a virus, the act of extracting or detaching the file to the temporary folder and/or the attempt to read the file may trigger the anti-virus application (depending on its configuration).
If Spirion is configured to log "Locations Searched", you may be able to determine the specific archives or messages that contain the infected file(s); however, in these instances, it is recommended that you perform a full anti-virus scan of the user's system ensuring a search within archive files and e-mail attachments.
In some instances, users of Trend Micro may see a warning showing an exclusion for Spirion on some installs that are flagging "IdentityFinder.exe" under C:\Program Files (x86)\Spirion.
In order for our products to discover sensitive information, they access, read and open many files across the computer including files that belong to other applications or that were previously infected. Because of this, security products may flag our application’s behavior.
There are no known, legitimate software applications that have any predefined definitions that flag our software as a security risk.
Temporary files are also created when downloading files from a website during a Websites search and can be created during other Identity Finder operations such as checking for and downloading updates or analyzing AnyFind definitions.