Page 1 of 1

Excluding Suspicious Process

Posted: 22 Sep 2020, 17:55
by consultant
I've searched and read many posts on this topics before but I still don't find it clear what specific syntax to use in the csf.pignore file. These is the type of warning I'm trying to ignore.

lfd[5333]: *Suspicious Process* PID:3792 PPID:3788 User:username Uptime:121 secs EXE:/home/virtfs/elemcms/opt/cpanel/ea-php73/root/usr/bin/php CMD:/opt/cpanel/ea-php73/root/usr/bin/php -f cron.php

Right now I have:

pcmd:cron\.php$
cmd:cron\.php$

There's so many different options of what to specify in the file and the syntax, it leaves most users like myself on sort of a trial and error quest and so for I'm unsuccessful.