The file 'tmp.edb' and other '.edb' files generate an unexpected detection


File "C:\Windows\security\database\tmp.edb" belongs to virus/spyware 'Mal/ZboCheMan-A'.

When the location is investigated, the file often no longer exists.

Locations reported:



The .EDB file extension identifies an Exchange Information Store Database file which belongs to the Microsoft Exchange mail server product. This file type stores information relating to the e-mail databases created by Microsoft Exchange.

C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb is a system file and can be excluded from scans.

Windows security database files ('.edb') may be scanned as part of behavior monitoring, i.e. Realtime Scanning.

These files can contain a structure that the Realtime scanner may interpret as malicious whilst the file is in a transitional state.


It is recommended to list these files in Exclusions.

Microsoft have created an article detailing their suggestions for exclusions; we suggest that these are added only when necessary.
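To keep exclusions as narrow as that advice implies, the following added example (not vendor or Microsoft code) triages alert lines in the message format quoted above and marks a detection as an exclusion candidate only when the full path matches one of the two locations named in this article. The function name `triage`, the verdict strings and all sample lines other than the first are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Full paths named in the article. Matching is by exact path, never by file
# name or extension alone, so a 'tmp.edb' dropped elsewhere is still reviewed.
KNOWN_EDB_PATHS = {
    PureWindowsPath(r"C:\Windows\security\database\tmp.edb"),
    PureWindowsPath(r"C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb"),
}

# Alert message format as quoted in the article.
DETECTION_RE = re.compile(
    r"""File "(?P<path>[^"]+)" belongs to virus/spyware '(?P<name>[^']+)'"""
)

def triage(line):
    """Return (path, detection, verdict) for one alert line, or None."""
    m = DETECTION_RE.search(line)
    if m is None:
        return None
    path = PureWindowsPath(m.group("path"))
    # PureWindowsPath compares case-insensitively and does not collapse '..',
    # so a traversal such as database\..\..\Temp\tmp.edb cannot match.
    if path in KNOWN_EDB_PATHS:
        verdict = "exclusion-candidate"
    else:
        verdict = "investigate"
    return (str(path), m.group("name"), verdict)

# Constructed sample alerts (hypothetical apart from the first path/name pair).
TEMPLATE = "File \"{}\" belongs to virus/spyware 'Mal/ZboCheMan-A'."
SAMPLE_LINES = [
    TEMPLATE.format(r"C:\Windows\security\database\tmp.edb"),
    TEMPLATE.format(r"c:\programdata\microsoft\search\data\applications\windows\TMP.EDB"),
    TEMPLATE.format(r"C:\Users\Public\tmp.edb"),
    TEMPLATE.format(r"C:\Windows\security\database\..\..\Temp\tmp.edb"),
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        path, name, verdict = triage(line)
        print(f"{verdict:20} {name:18} {path}")
```

Detections marked `investigate` share the file name or extension but not the location, so they should be handled as ordinary alerts rather than added to the exclusion list.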