ATP identified "[email protected]"

Good morning,

our customer’s ATP (Advanced Threat Protection) identified the function “[email protected]”. What is this function doing?

He want to isolate this function.

Thank you

It’s a core function used by our virtual file system engine. The NtQueryDirectoryFile routine returns various kinds of information about files in the directory specified by a given file handle. There is no special reason why an antivirus would not allow applications to use that Windows API.
Did you code sign your EXE file?