OwlyShield detect taskhostw.exe or svchost.exe like Ransomware activity during Windows Update execution

[mostonet]

Type: BUG/False positive
Tested on: Windows 10, Server 2016, Windows 11
Workaround: Exclusion in exclusions.txt

Dear OwlyShield Team
I would like to inform you of the problem in question.
How is it possible to whitelist the two files: taskhostw.exe and svchost.exe inside the exclusions.txt file
With what syntax should the TXT file be compiled?
Can you post a concrete example while waiting for a resolution to the problem?
A thousand thanks.

[dlescos]

Hi,

Thank you for your feedback!

We have indeed observed false positives with extreme disk activities, especially those arising from Windows updates.

We are working on implementing additional features to our model, which is time-consuming. We aim to release these updates by the end of September or early October (and take this opportunity to refresh our lagging GitHub repository).

You got it right: in the meantime, please ensure that you populate the file C:\Program Files\Owlyshield Ransom Community\config\exclusions.txt with the following content:

taskhostw.exe
svchost.exe

Then, restart the Owlyshield service.