Hi - can you explain at what point WordFence creates the file mentioned below?
One of my accounts is running WordPress on a cPanel server with the configserver.com firewall installed. Periodically I receive a "Suspicious File Alert" referencing this file.
Reason: Script, file extension
Owner: nobody:nobody (99:99)
Action: Moved into /etc/csf/suspicious.tar
Q: Is the file legit? At what point does WordFence create this? Is it okay to put the file on a "clean list?" Thanks -